You are not logged in.

#1 2019-06-03 11:16

jotapesse
Member
From: Algarve, Portugal
Registered: 2019-03-23
Posts: 67

HiddenWasp Malware Stings Targeted Linux Systems

I just noticed this recent security/malware issue regarding Linux. It just shows there aren't 100% secure systems. Altough we're used to discard the use of anti-malware/anti-virus software in Linux we may have to start thinking otherwise...

HiddenWasp Malware Stings Targeted Linux Systems

Intezer wrote:

Overview
• Intezer has discovered a new, sophisticated malware that we have named “HiddenWasp”, targeting Linux systems.
• The malware is still active and has a zero-detection rate in all major anti-virus systems.
• Unlike common Linux malware, HiddenWasp is not focused on crypto-mining or DDoS activity. It is a trojan purely used for targeted remote control.
• Evidence shows in high probability that the malware is used in targeted attacks for victims who are already under the attacker’s control, or have gone through a heavy reconnaissance.
• HiddenWasp authors have adopted a large amount of code from various publicly available open-source malware, such as Mirai and the Azazel rootkit. In addition, there are some similarities between this malware and other Chinese malware families, however the attribution is made with low confidence.
• We have detailed our recommendations for preventing and responding to this threat.


jotapesse - Obrigado / Thank you.

Offline

#2 2019-06-03 14:17

Dai_trying
Member
From: UK
Registered: 2015-12-14
Posts: 2,993

Re: HiddenWasp Malware Stings Targeted Linux Systems

I saw a post in the Debian Forums about this too, and although I am not too concerned about it (I am quite careful with my internet usage and do not have ports open to the outside) I do think it is something we (Linux users) will have to become more vigilant with.

I have been reading with interest some information regarding South Korea and Japan taking Linux more seriously and as we all know the more users an OS gets the more targeted they will become. Imagine Linux becomes as popular as Window$, do you think we would still be living virus free? I think probably not... But for the time being I will stay relaxed in the knowledge that I keep my system reasonably secure and my browsing habits in check.

Offline

#3 2019-06-03 19:04

jotapesse
Member
From: Algarve, Portugal
Registered: 2019-03-23
Posts: 67

Re: HiddenWasp Malware Stings Targeted Linux Systems

Yes, the trouble is that Linux is much more "popular" than we currently give credit for. Linux nowadays powers internet connected routers, switches, scanners, printers, computers, tablets, TV's, smartphones, smartwatches, cameras, and many more IoT devices. So, we already know malware, rootkits and virus exist for them. We probably don't know how many or how much exist...


jotapesse - Obrigado / Thank you.

Offline

#4 2019-06-03 19:22

Dai_trying
Member
From: UK
Registered: 2015-12-14
Posts: 2,993

Re: HiddenWasp Malware Stings Targeted Linux Systems

I have to say I didn't think about the phones etc that use Linux as I tend not to do too much on mine, and you are definitely right about how popular the kernel is, but it is usually the surrounding applications that cause the problems and with Linux being very different between different OS's it makes it a little harder to compromise any given system, especially as most malware requires a certain version of a vulnerable software to be effective.

I think we are likely to see most impact with mobile phones as they seem to use a set format for everything so an attacker will already know a lot about any Android device's system layout. Hopefully Android developers will keep on top of the worst and users will be vigilant and report any suspicious applications that are found. I know it would not stop an attacker but as long as we don't make it easy for them we can be relatively safe (for now at least). smile

Offline

#5 2019-06-04 06:21

bin
Member
From: U.K.
Registered: 2016-01-28
Posts: 1,333

Re: HiddenWasp Malware Stings Targeted Linux Systems

First step towards safety is to set the sudo timeout to 0 in /etc/sudoers.d/q4_sudo_confd

This does however raise an interesting (bug?) for which I'll open a support topic.

Last edited by bin (2019-06-04 06:53)

Offline

#6 2019-06-04 09:23

Dai_trying
Member
From: UK
Registered: 2015-12-14
Posts: 2,993

Re: HiddenWasp Malware Stings Targeted Linux Systems

This is where you have to maintain a balance of security Vs convenience, I don't usually change this setting as I find it convenient to only have to type my password once when performing a session of tasks that need privileges. But like all things it is a matter of preference and I would never say that the way I do things is the best way, just my way. smile

Offline

#7 2019-08-04 19:08

crosscourt
Member
From: Wash DC
Registered: 2017-05-07
Posts: 1,872
Website

Re: HiddenWasp Malware Stings Targeted Linux Systems

Speaking to Dai's comment about Linux with Japan and South Korea, heres a list of countries that use national operating systems based on Linux.  https://itsfoss.com/linux-national-os/  Slightly old article but most of the listings are still relevant.

Also agree with Dai's comment about not being too worried about it.

Last edited by crosscourt (2019-08-04 19:11)


Q4OS Aquarius 5.x KDE   Dell Inspiron 3670  i5 8600, GTX 1660 Super, 32gb, 2tb NVME SSD

Offline

#8 2019-08-04 19:57

Dai_trying
Member
From: UK
Registered: 2015-12-14
Posts: 2,993

Re: HiddenWasp Malware Stings Targeted Linux Systems

crosscourt wrote:

Also agree with Dai's comment about not being too worried about it.

One of my Motto's

dRXyysQm.jpg

Offline

#9 2019-08-04 20:04

crosscourt
Member
From: Wash DC
Registered: 2017-05-07
Posts: 1,872
Website

Re: HiddenWasp Malware Stings Targeted Linux Systems

LOL!!!! Nice!  big_smile


Q4OS Aquarius 5.x KDE   Dell Inspiron 3670  i5 8600, GTX 1660 Super, 32gb, 2tb NVME SSD

Offline

#10 2019-08-10 19:50

Rademes
Member
From: Latvia
Registered: 2015-12-13
Posts: 637

Re: HiddenWasp Malware Stings Targeted Linux Systems

There are eight viruses in Linux!
One of them is targeted to specific Linux system.
Two of them are not working.
And Five of them are located between chair and monitor!

The worst virus is inexperienced user with root access.

Last edited by Rademes (2019-08-10 19:58)


Before asking for help please read this topic: https://www.q4os.org/forum/viewtopic.php?id=3502   If you have problems with WiFi network, try to install the Network Manager using Q4OS Software Centre.

Offline

#11 2019-08-10 20:44

JimW
Member
Registered: 2015-12-08
Posts: 400

Re: HiddenWasp Malware Stings Targeted Linux Systems

The worst virus is inexperienced user with root access.

I think that is also known as the ID TEN T error. (ID10T)

Offline

#12 2019-08-10 20:56

crosscourt
Member
From: Wash DC
Registered: 2017-05-07
Posts: 1,872
Website

Re: HiddenWasp Malware Stings Targeted Linux Systems

LoL!!  Inexperienced users and what I call non-cooperative users are the cause of most issues, totally agree.


Q4OS Aquarius 5.x KDE   Dell Inspiron 3670  i5 8600, GTX 1660 Super, 32gb, 2tb NVME SSD

Offline

#13 2019-10-02 23:18

upALLnight
Member
Registered: 2018-06-04
Posts: 37

Re: HiddenWasp Malware Stings Targeted Linux Systems

crosscourt wrote:

LoL!!  Inexperienced users and what I call non-cooperative users are the cause of most issues, totally agree.

Someone call me?

Yep, one of those dreaded noObs, a bloatware refugee blundering about with a terminal and the trigger safety set to "off" ... jokes aside, tho, I am a bloatware refugee, and I have been blundering about with a terminal. Is there a way to double-check the integrity of Q4os installation?

Also, is there an easy, noob-style way to close open ports?

Offline

#14 2019-10-04 19:40

deanr
Member
From: Poland
Registered: 2019-09-07
Posts: 60

Re: HiddenWasp Malware Stings Targeted Linux Systems

crosscourt wrote:

Speaking to Dai's comment about Linux with Japan and South Korea, heres a list of countries that use national operating systems based on Linux.  https://itsfoss.com/linux-national-os/  Slightly old article but most of the listings are still relevant.

Also agree with Dai's comment about not being too worried about it.

Fascinating. Thanks for the link!

Offline

Board footer

Powered by FluxBB