New advanced linux trojan/rootkit just discovered, servers still active


dro...@gmail.com

May 31, 2019, 11:57:32 AM
to qubes-users
They are calling it HiddenWasp. Currently undetectable by all anti-virus platforms, who are now scrambling to update their software.

https://arstechnica.com/information-technology/2019/05/advanced-linux-backdoor-found-in-the-wild-escaped-av-detection/

Interesting read. Should be interesting to see which Linux distros got infected.

dro...@gmail.com

May 31, 2019, 12:20:21 PM
to qubes-users

Sphere

Jun 4, 2019, 5:40:28 AM
to qubes-users
This one shouldn't be a problem so long as dom0 is not compromised.
Also nice that we can just block 103.206.123[.]13 and 103.206.122[.]245

Also, this thing doesn't even survive a reformat so yeah nothing much to worry about (not unless they also aim to persist in your routers and other network devices).

Yethal

Jun 4, 2019, 4:10:01 PM
to qubes-users
Based on the fact that it adds itself to /etc/rc.local for persistence, it wouldn't even survive a qube reboot.