New Cross-Platform Malware ‘Noodle RAT’ Targets Windows and Linux Systems

June 13, 2024 at 02:42AM

Chinese-speaking threat actors have utilized a new cross-platform malware, Noodle RAT, for espionage or cybercrime since at least July 2016. This previously undocumented backdoor is distinct from existing malware, with both Windows and Linux versions. Analysis suggests it’s shared among Chinese-speaking groups and likely sold commercially within China’s cyber espionage ecosystem.

A new cross-platform malware called Noodle RAT has been discovered and attributed to Chinese-speaking threat actors. This previously undocumented malware has been in use for several years and is distinct from existing malware like Gh0st RAT and Rekoobe.

Noodle RAT comes in Windows and Linux versions and has been associated with different threat actor groups, including those engaged in cybercrime and espionage. It is capable of various malicious activities such as downloading/uploading files, running additional types of malware, and initiating remote access.

The research also suggests that Noodle RAT may be sold or shared among Chinese-speaking groups and has been misclassified and underrated for years. The development of this malware ties into a larger ecosystem of cyber espionage and state-sponsored activities in China, involving both private sector firms and government entities.

Furthermore, a spear-phishing campaign linked to China-based threat actor Mustang Panda has targeted Vietnamese entities, using tax- and education-themed lures to deliver Windows Shortcut (LNK) files that are likely designed to deploy the PlugX malware.

Overall, these findings highlight the significance of Noodle RAT and its implications within the context of Chinese-speaking threat actors and their activities in cyber espionage and cybercrime.