New Quasar Linux RAT Targets Developer Systems
A newly discovered Linux implant named Quasar Linux RAT is targeting developer systems to harvest credentials and facilitate software supply chain attacks.
A new Linux-based remote access trojan (RAT) dubbed Quasar Linux RAT (QLNX) has been identified, targeting developers and DevOps environments to facilitate software supply chain compromises [The Hacker News]. The implant is designed to establish a persistent, silent foothold on developer systems.
Once installed, QLNX provides attackers with a wide range of post-compromise capabilities, including credential harvesting, keylogging, file manipulation, clipboard monitoring, and the establishment of network tunnels [The Hacker News]. By targeting the systems used to build and deploy software, the malware aims to compromise the integrity of the software supply chain.
Security researchers are analyzing the implant to understand its distribution methods and full impact. Developers are encouraged to implement strict access controls, monitor for suspicious network activity, and ensure that their development environments are hardened against unauthorized access to prevent the deployment of such implants.