#1 2019-06-03 11:16

jotapesse
Member
From: Algarve, Portugal
Registered: 2019-03-23
Posts: 64

HiddenWasp Malware Stings Targeted Linux Systems

I just noticed this recent security/malware issue regarding Linux. It just shows there aren't 100% secure systems. Although we're used to discard the use of anti-malware/anti-virus software in Linux we may have to start thinking otherwise...

Intezer wrote:

Overview
• Intezer has discovered a new, sophisticated malware that we have named “HiddenWasp”, targeting Linux systems.
• The malware is still active and has a zero-detection rate in all major anti-virus systems.
• Unlike common Linux malware, HiddenWasp is not focused on crypto-mining or DDoS activity. It is a trojan purely used for targeted remote control.
• Evidence shows in high probability that the malware is used in targeted attacks for victims who are already under the attacker’s control, or have gone through a heavy reconnaissance.
• HiddenWasp authors have adopted a large amount of code from various publicly available open-source malware, such as Mirai and the Azazel rootkit. In addition, there are some similarities between this malware and other Chinese malware families, however the attribution is made with low confidence.
• We have detailed our recommendations for preventing and responding to this threat.


jotapesse - Obrigado / Thank you.


#2 2019-06-03 14:17

Dai_trying
Member
From: UK
Registered: 2015-12-14
Posts: 2,635

Re: HiddenWasp Malware Stings Targeted Linux Systems

I saw a post in the Debian Forums about this too, and although I am not too concerned about it (I am quite careful with my internet usage and do not have ports open to the outside) I do think it is something we (Linux users) will have to become more vigilant with.

I have been reading with interest some information regarding South Korea and Japan taking Linux more seriously and as we all know the more users an OS gets the more targeted they will become. Imagine Linux becomes as popular as Window$, do you think we would still be living virus free? I think probably not... But for the time being I will stay relaxed in the knowledge that I keep my system reasonably secure and my browsing habits in check.


#3 2019-06-03 19:04

jotapesse
Member
From: Algarve, Portugal
Registered: 2019-03-23
Posts: 64

Re: HiddenWasp Malware Stings Targeted Linux Systems

Yes, the trouble is that Linux is much more "popular" than we currently give credit for. Linux nowadays powers internet-connected routers, switches, scanners, printers, computers, tablets, TVs, smartphones, smartwatches, cameras, and many more IoT devices. So, we already know malware, rootkits and viruses exist for them. We probably don't know how many or how much exist...


jotapesse - Obrigado / Thank you.


#4 2019-06-03 19:22

Dai_trying
Member
From: UK
Registered: 2015-12-14
Posts: 2,635

Re: HiddenWasp Malware Stings Targeted Linux Systems

I have to say I didn't think about the phones etc. that use Linux as I tend not to do too much on mine, and you are definitely right about how popular the kernel is, but it is usually the surrounding applications that cause the problems and with Linux being very different between different OSes it makes it a little harder to compromise any given system, especially as most malware requires a certain version of a vulnerable software to be effective.

I think we are likely to see most impact with mobile phones as they seem to use a set format for everything so an attacker will already know a lot about any Android device's system layout. Hopefully Android developers will keep on top of the worst and users will be vigilant and report any suspicious applications that are found. I know it would not stop an attacker but as long as we don't make it easy for them we can be relatively safe (for now at least). :)


#5 2019-06-04 06:21

bin
Member
From: U.K.
Registered: 2016-01-28
Posts: 695

Re: HiddenWasp Malware Stings Targeted Linux Systems

First step towards safety is to set the sudo timeout to 0 in /etc/sudoers.d/q4_sudo_confd

This does however raise an interesting (bug?) for which I'll open a support topic.

Last edited by bin (2019-06-04 06:53)
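An added example, not part of bin's post or of the distribution's own tooling: a small audit that reads sudoers text and reports every `Defaults` scope where sudo would still cache credentials. It assumes the "sudo timeout" above is the sudoers `timestamp_timeout` option (0 always prompts, a negative value never expires); the file names and contents in `SAMPLE` are constructed, and the caller supplies the files in the order sudo reads them because include directives are not followed.

```python
import re

# "Defaults", an optional scope (":user", "@host", ">runas", "!cmnd"), then settings.
DEFAULTS_RE = re.compile(r'^Defaults([:@>!]\S+)?\s+(.*)$')
TIMEOUT_RE = re.compile(r'(?:^|,)\s*timestamp_timeout\s*=\s*"?(-?\d+(?:\.\d+)?)"?')

def logical_lines(text):
    """Join backslash-continued lines, drop comments and blank lines."""
    for line in re.sub(r'\\\n', '', text).splitlines():
        line = re.sub(r'(^|\s)#.*$', '', line).strip()
        if line:
            yield line

def effective_timeouts(files):
    """files: (path, text) pairs in the order sudo reads them.
    Returns {scope: (minutes, path)}; scope '' is the global Defaults.
    A later entry for the same scope overrides an earlier one."""
    result = {}
    for path, text in files:
        for line in logical_lines(text):
            m = DEFAULTS_RE.match(line)
            t = TIMEOUT_RE.search(m.group(2)) if m else None
            if t:
                result[m.group(1) or ''] = (float(t.group(1)), path)
    return result

def audit(files):
    """List every scope where sudo would still cache credentials."""
    found = effective_timeouts(files)
    findings = []
    if '' not in found:
        findings.append("global: timestamp_timeout not set, compiled-in default applies")
    for scope, (minutes, path) in sorted(found.items()):
        if minutes < 0:
            findings.append(f"{scope or 'global'}: never expires ({path})")
        elif minutes > 0:
            findings.append(f"{scope or 'global'}: cached {minutes:g} min ({path})")
    return findings

# Constructed sample input (file names and contents are made up for this example).
SAMPLE = [
    ("/etc/sudoers", "Defaults env_reset, timestamp_timeout=15\n# Defaults timestamp_timeout=0\n"),
    ("/etc/sudoers.d/example", "Defaults timestamp_timeout=0\n"
                               "Defaults:alice \\\n    timestamp_timeout=-1\n"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, the drop-in file's global `timestamp_timeout=0` overrides the earlier 15, but the user-scoped `-1` for `alice` still shows up as a finding.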


#6 2019-06-04 09:23

Dai_trying
Member
From: UK
Registered: 2015-12-14
Posts: 2,635

Re: HiddenWasp Malware Stings Targeted Linux Systems

This is where you have to maintain a balance of security vs convenience; I don't usually change this setting as I find it convenient to only have to type my password once when performing a session of tasks that need privileges. But like all things it is a matter of preference and I would never say that the way I do things is the best way, just my way. :)

