Researchers have recently uncovered malware called “HiddenWasp,” which targets Linux systems. HiddenWasp uses code from multiple different strains of malware to perform its tasks. A basic overview of the malicious software reveals that, similar to the Winnti malware strain, it consists of an initial deployment script, a user-mode rootkit, and a trojan. Files pertaining to the malware were found on VirusTotal and included a bash script that deploys the malware; after it is executed, it downloads a tar compressed archive. That archive contains the three parts that make up HiddenWasp. The user-mode rootkit is built mostly from Azazel rootkit code, along with pieces similar to the Mirai botnet. HiddenWasp's trojan is an ELF binary statically linked with stdlibc++, and it also contains code from Elknot, a malware that can perform DDoS attacks. What’s dangerous about HiddenWasp is that it has a zero percent detection rate on Linux systems. Researchers stated, “Linux malware may introduce new challenges for the security community that we have not yet seen in other platforms. The fact that this malware manages to stay under the radar should be a wake-up call for the security industry to allocate greater efforts or resources to detect these threats.”