
#1 2019-06-03 11:16

jotapesse
Member
From: Algarve, Portugal
Registered: 2019-03-23
Posts: 67

HiddenWasp Malware Stings Targeted Linux Systems

I just noticed this recent security/malware issue regarding Linux. It just shows there aren't 100% secure systems. Although we're used to discarding the use of anti-malware/anti-virus software in Linux, we may have to start thinking otherwise...

HiddenWasp Malware Stings Targeted Linux Systems

Intezer wrote:

Overview
• Intezer has discovered a new, sophisticated malware that we have named “HiddenWasp”, targeting Linux systems.
• The malware is still active and has a zero-detection rate in all major anti-virus systems.
• Unlike common Linux malware, HiddenWasp is not focused on crypto-mining or DDoS activity. It is a trojan purely used for targeted remote control.
• Evidence shows in high probability that the malware is used in targeted attacks for victims who are already under the attacker’s control, or have gone through a heavy reconnaissance.
• HiddenWasp authors have adopted a large amount of code from various publicly available open-source malware, such as Mirai and the Azazel rootkit. In addition, there are some similarities between this malware and other Chinese malware families, however the attribution is made with low confidence.
• We have detailed our recommendations for preventing and responding to this threat.


jotapesse - Obrigado / Thank you.

Offline

#2 2019-06-03 14:17

Dai_trying
Member
From: UK
Registered: 2015-12-14
Posts: 2,992

Re: HiddenWasp Malware Stings Targeted Linux Systems

I saw a post in the Debian Forums about this too, and although I am not too concerned about it (I am quite careful with my internet usage and do not have ports open to the outside) I do think it is something we (Linux users) will have to become more vigilant with.

I have been reading with interest some information regarding South Korea and Japan taking Linux more seriously and as we all know the more users an OS gets the more targeted they will become. Imagine Linux becomes as popular as Window$, do you think we would still be living virus free? I think probably not... But for the time being I will stay relaxed in the knowledge that I keep my system reasonably secure and my browsing habits in check.

Offline

#3 2019-06-03 19:04

jotapesse
Member
From: Algarve, Portugal
Registered: 2019-03-23
Posts: 67

Re: HiddenWasp Malware Stings Targeted Linux Systems

Yes, the trouble is that Linux is much more "popular" than we currently give credit for. Linux nowadays powers internet connected routers, switches, scanners, printers, computers, tablets, TVs, smartphones, smartwatches, cameras, and many more IoT devices. So, we already know malware, rootkits and viruses exist for them. We probably don't know how many or how much exist...


jotapesse - Obrigado / Thank you.

Offline

#4 2019-06-03 19:22

Dai_trying
Member
From: UK
Registered: 2015-12-14
Posts: 2,992

Re: HiddenWasp Malware Stings Targeted Linux Systems

I have to say I didn't think about the phones etc that use Linux as I tend not to do too much on mine, and you are definitely right about how popular the kernel is, but it is usually the surrounding applications that cause the problems and with Linux being very different between different OS's it makes it a little harder to compromise any given system, especially as most malware requires a certain version of a vulnerable software to be effective.

I think we are likely to see most impact with mobile phones as they seem to use a set format for everything so an attacker will already know a lot about any Android device's system layout. Hopefully Android developers will keep on top of the worst and users will be vigilant and report any suspicious applications that are found. I know it would not stop an attacker but as long as we don't make it easy for them we can be relatively safe (for now at least). :)

Offline

#5 2019-06-04 06:21

bin
Member
From: U.K.
Registered: 2016-01-28
Posts: 1,333

Re: HiddenWasp Malware Stings Targeted Linux Systems

First step towards safety is to set the sudo timeout to 0 in /etc/sudoers.d/q4_sudo_confd

This does however raise an interesting (bug?) for which I'll open a support topic.

Last edited by bin (2019-06-04 06:53)

Offline
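An added example, not part of bin's post: the sudoers option that controls the sudo password timeout is `timestamp_timeout`, and the check below reports the effective global value across a main sudoers file and a drop-in. The sample files are constructed in a temporary directory; only the drop-in's file name is taken from the post.

```shell
#!/bin/sh
# Added example: report the effective global timestamp_timeout from sudoers-style
# files. Files are read in the order given; the last global Defaults setting wins.
sudo_timeout() {
    awk '
        /^[ \t]*#/ { next }                 # skip comments
        /^[ \t]*Defaults[ \t]/ {            # global Defaults only (not Defaults:user)
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, ",")      # options are comma separated
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opts[i])
                if (opts[i] ~ /^timestamp_timeout=/) {
                    sub(/^timestamp_timeout=/, "", opts[i])
                    val = opts[i]
                }
            }
        }
        END { print (val == "" ? "unset" : val) }
    ' "$@"
}

# Turn the raw value into a short statement of what it means for password prompts.
sudo_timeout_verdict() {
    t=$(sudo_timeout "$@")
    case "$t" in
        unset) echo "unset: the default built into sudo applies" ;;
        0|0.0) echo "0: password required on every sudo call" ;;
        -*)    echo "$t: cached credentials never expire" ;;
        *)     echo "$t: credentials cached for $t minute(s)" ;;
    esac
}

# Constructed sample files (not copied from a real system).
SAMPLES=$(mktemp -d)
printf 'Defaults env_reset, timestamp_timeout=15\n%%sudo ALL=(ALL:ALL) ALL\n' \
    > "$SAMPLES/sudoers"
printf '# drop-in override\nDefaults timestamp_timeout=0\n' \
    > "$SAMPLES/q4_sudo_confd"

sudo_timeout_verdict "$SAMPLES/sudoers"                            # main file only
sudo_timeout_verdict "$SAMPLES/sudoers" "$SAMPLES/q4_sudo_confd"   # with the drop-in
```

On a real system, edit drop-ins with `visudo -f <file>` and validate them with `visudo -cf <file>` so a syntax error cannot lock sudo out.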

#6 2019-06-04 09:23

Dai_trying
Member
From: UK
Registered: 2015-12-14
Posts: 2,992

Re: HiddenWasp Malware Stings Targeted Linux Systems

This is where you have to maintain a balance of security vs convenience. I don't usually change this setting as I find it convenient to only have to type my password once when performing a session of tasks that need privileges. But like all things it is a matter of preference and I would never say that the way I do things is the best way, just my way. :)

Offline

#7 2019-08-04 19:08

crosscourt
Member
From: Wash DC
Registered: 2017-05-07
Posts: 1,872
Website

Re: HiddenWasp Malware Stings Targeted Linux Systems

Speaking to Dai's comment about Linux with Japan and South Korea, here's a list of countries that use national operating systems based on Linux.  https://itsfoss.com/linux-national-os/  Slightly old article but most of the listings are still relevant.

Also agree with Dai's comment about not being too worried about it.

Last edited by crosscourt (2019-08-04 19:11)


Q4OS Aquarius 5.x KDE   Dell Inspiron 3670  i5 8600, GTX 1660 Super, 32gb, 2tb NVME SSD

Offline

#8 2019-08-04 19:57

Dai_trying
Member
From: UK
Registered: 2015-12-14
Posts: 2,992

Re: HiddenWasp Malware Stings Targeted Linux Systems

crosscourt wrote:

Also agree with Dai's comment about not being too worried about it.

One of my mottos

[image: dRXyysQm.jpg]

Offline

#9 2019-08-04 20:04

crosscourt
Member
From: Wash DC
Registered: 2017-05-07
Posts: 1,872
Website

Re: HiddenWasp Malware Stings Targeted Linux Systems

LOL!!!! Nice!  :D


Q4OS Aquarius 5.x KDE   Dell Inspiron 3670  i5 8600, GTX 1660 Super, 32gb, 2tb NVME SSD

Offline

#10 2019-08-10 19:50

Rademes
Member
From: Latvia
Registered: 2015-12-13
Posts: 637

Re: HiddenWasp Malware Stings Targeted Linux Systems

There are eight viruses in Linux!
One of them is targeted at a specific Linux system.
Two of them are not working.
And five of them are located between chair and monitor!

The worst virus is an inexperienced user with root access.

Last edited by Rademes (2019-08-10 19:58)


Before asking for help please read this topic: https://www.q4os.org/forum/viewtopic.php?id=3502   If you have problems with WiFi network, try to install the Network Manager using Q4OS Software Centre.

Offline

#11 2019-08-10 20:44

JimW
Member
Registered: 2015-12-08
Posts: 400

Re: HiddenWasp Malware Stings Targeted Linux Systems

The worst virus is an inexperienced user with root access.

I think that is also known as the ID TEN T error. (ID10T)

Offline

#12 2019-08-10 20:56

crosscourt
Member
From: Wash DC
Registered: 2017-05-07
Posts: 1,872
Website

Re: HiddenWasp Malware Stings Targeted Linux Systems

LoL!!  Inexperienced users and what I call non-cooperative users are the cause of most issues, totally agree.


Q4OS Aquarius 5.x KDE   Dell Inspiron 3670  i5 8600, GTX 1660 Super, 32gb, 2tb NVME SSD

Offline

#13 2019-10-02 23:18

upALLnight
Member
Registered: 2018-06-04
Posts: 37

Re: HiddenWasp Malware Stings Targeted Linux Systems

crosscourt wrote:

LoL!!  Inexperienced users and what I call non-cooperative users are the cause of most issues, totally agree.

Someone call me?

Yep, one of those dreaded noObs, a bloatware refugee blundering about with a terminal and the trigger safety set to "off" ... jokes aside, tho, I am a bloatware refugee, and I have been blundering about with a terminal. Is there a way to double-check the integrity of a Q4OS installation?

Also, is there an easy, noob-style way to close open ports?

Offline

#14 2019-10-04 19:40

deanr
Member
From: Poland
Registered: 2019-09-07
Posts: 60

Re: HiddenWasp Malware Stings Targeted Linux Systems

crosscourt wrote:

Speaking to Dai's comment about Linux with Japan and South Korea, here's a list of countries that use national operating systems based on Linux.  https://itsfoss.com/linux-national-os/  Slightly old article but most of the listings are still relevant.

Also agree with Dai's comment about not being too worried about it.

Fascinating. Thanks for the link!

Offline
