
About two weeks ago an interesting piece of malware was reported. It targets Linux systems. Dubbed HiddenWasp by the researchers who discovered it at Intezer, this malware is complex and, as of right now, 0% detectable by major security software.
But before you go dismissing this article and HiddenWasp as irrelevant to you, let me convince you otherwise. You may think Linux is just for the technologically savvy, the name of some tech something that you don’t quite understand, but in reality you do not have to know anything about it (or that you are using it) to use it.
Let me explain.
Linux is actually very much a part of your life! It is an operating system like Windows XP or Mac OS X, and it does things like start your computer and manage your CPU and memory. Linux is also open-source software, which means that it is always being updated and improved by the community of developers who use it, and, more importantly, it is free. Both of these contribute to its popularity. Consequently, even if you do not run Linux as an operating system on your own computer, the websites you browse are most likely hosted on servers that run on Linux. And those are not the only things that you would expect to utilize Linux.
Linux in Your Life
Some other objects in your home might be running on Linux as well. Almost all Internet of Things (IoT)** devices use an embedded Linux kernel or another Linux distribution. In 2018 a survey was conducted to understand which operating system developers were using for their IoT devices. Almost 3 out of 4 said they used Linux. This means your Nest – that fancy device that controls the air conditioning in your house – most likely uses Linux, as does your smart computer-enabled car in the garage.
Your smart phone you just used to text your father, “I love you” (It was Father’s day, did you forget?) probably uses a version of Linux if it runs Android OS. Even if you have a phone that doesn’t run on Linux (examples would be an iPhone or a Microsoft phone, both of which have their own operating systems), the by-products and side products most often do.
So who runs the world? Girls? Wrong, Linux. Sorry, Beyonce. Even Microsoft has been embracing the Linux operating system, releasing their own Linux kernel known as Azure Sphere, which became part of its Azure cloud hosting services in 2018.
Oh, Shoot! Tell Me More.
From what we know of this malware, it is pretty sophisticated. HiddenWasp contains a user-mode rootkit, a Trojan horse, and an initial deployment script, as well as the Azazel rootkit (used for anti-debugging and anti-detection) and the infamous Mirai worm (which creates bots used for DDoS attacks). This means it’s more than your average Trojan. Researchers believe it may be used as a second-stage attack. In other words, the fraudsters use some other bug or vulnerability to initially compromise the system, and then infect the system with HiddenWasp, instead of using the malware to attack the system first. They also suspect this malware’s main purpose is targeted remote control.
After HiddenWasp is installed, it is pretty hard to get rid of. The malicious code contains a function that allows the malware to reinstall itself when it is removed, as well as another script that lets it update itself, so the host always has the latest version of the malicious code.
Are We Doomed?
This is pretty alarming. However, the good news is that because it has been discovered, security software firms will soon release detection signatures that will become part of future updates. Only time will tell, though, whether common security vendors are able to offer reliable detection methods.
So far, no infections of HiddenWasp have been reported, but that could be attributed to the fact that it is still mostly undiscovered. To prevent an infection of your systems, whether that be your phone, your car, your house, or your servers, consider following the suggestions below:
Suggestions to Protect Against HiddenWasp
As previously stated, the malware is believed to be a second-stage attack, relying on other ways to attack the server first. This means that as long as you keep your software and hardware up to date (for example: Ford and GM, among others, recently announced that some of their 2020 models will allow over-the-air (OTA) updates), use appropriate security services (like a firewall), and monitor your devices, you have a lower risk of being infected, and a better chance to minimize damages if you are.
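One concrete form of "monitor your devices" follows from the components listed above: Azazel, which HiddenWasp bundles, is a user-mode rootkit that works by being preloaded into processes through the LD_PRELOAD mechanism, so a defender can audit the two places such a preload is configured, the file /etc/ld.so.preload and the LD_PRELOAD variable in each running process's environment. This is an added example, not code from the original post or from Intezer's report; the allow-list, the sample preload file and the sample process environments are constructed for illustration.

```python
"""Audit LD_PRELOAD injection points that a userland rootkit such as Azazel depends on."""
import glob

# Libraries this host is legitimately allowed to preload (assumption: none by default).
ALLOWED_PRELOADS = frozenset()


def parse_preload_file(text):
    """Return the library paths listed in /etc/ld.so.preload ('#' comments ignored)."""
    libs = []
    for line in text.splitlines():
        libs.extend(line.split("#", 1)[0].split())
    return libs


def parse_environ(raw):
    """Parse the NUL-separated KEY=VALUE block of /proc/<pid>/environ into a dict."""
    env = {}
    for item in raw.split(b"\0"):
        if b"=" in item:
            key, value = item.split(b"=", 1)
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def find_preload_findings(preload_text, environs, allowed=ALLOWED_PRELOADS):
    """Return (source, library) pairs not on the allow-list.

    environs maps a pid (str) to the raw bytes of that process's environ file."""
    findings = [("/etc/ld.so.preload", lib)
                for lib in parse_preload_file(preload_text) if lib not in allowed]
    for pid, raw in environs.items():
        # LD_PRELOAD entries may be separated by colons or spaces.
        for lib in parse_environ(raw).get("LD_PRELOAD", "").replace(":", " ").split():
            if lib not in allowed:
                findings.append((f"/proc/{pid}/environ", lib))
    return findings


def audit_live_host():
    """Run the check on the real host; reading other users' environ files needs root."""
    try:
        with open("/etc/ld.so.preload") as f:
            preload_text = f.read()
    except FileNotFoundError:
        preload_text = ""
    environs = {}
    for path in glob.glob("/proc/[0-9]*/environ"):
        try:
            with open(path, "rb") as f:
                environs[path.split("/")[2]] = f.read()
        except OSError:  # process exited or permission denied
            continue
    return find_preload_findings(preload_text, environs)


if __name__ == "__main__":
    for source, lib in audit_live_host():
        print(f"unexpected preload: {lib} (from {source})")
```

An empty result is only as good as the allow-list; review any library that appears before adding it to ALLOWED_PRELOADS.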
Additionally, consistently backing up your information is a critical part of your defense against fraudsters and malware such as HiddenWasp. Because HiddenWasp can reinstall itself when removed, it is almost impossible to successfully remove the malware without doing a factory reset or OS reinstall. Backing up your information, then, can be the saving grace that will help you avoid losing all of your data.
**The aggressive global adoption of IoT devices will most likely play a contributing role in the future of HiddenWasp, since most IoT devices are known for not getting timely updates, if any updates at all.
Further references:
https://www.linuxjournal.com/content/linux-and-internet-things
https://en.wikipedia.org/wiki/Linux
https://www.linux.com/what-is-linux
https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/
https://github.com/chokepoint/azazel
https://en.wikipedia.org/wiki/Mirai_(malware)
https://mobile.computerworld.com/article/2504054/microsoft-to-run-linux-on-azure.html
https://www.zdnet.com/article/microsoft-releases-its-first-linux-product/