HiddenWasp is a malware that is unique to Linux, which targets systems to control them remotely. The research of the code revealed that the developers of the malware obtained some code from open-source malware variants of the Azazel rootkit and Mirai. However, most of the codes were uncommon. The threat also shared similarities with the recent Winnti Linux variants.
To check if your system is compromised, you can search for “ld.so” files. If any of the files do not show the string ‘/etc/ld.so.preload’, your system may be infected. This is because the trojan implant will attempt to implant instances of ld.so to enforce the LD_PRELOAD mechanism from arbitrary locations. To repair this infection, you simply need to use a good quality anti-malware software, and it will get rid of the problem for you.