March 28, 2024 at 01:51PM
A Linux version of the multi-platform backdoor DinodasRAT has been detected by Kaspersky, targeting regions including China, Taiwan, Turkey, and Uzbekistan. It is a C++-based malware capable of harvesting sensitive data and is attributed to various China-nexus threat actors. The backdoor is designed to gain and maintain access via Linux servers for data exfiltration and espionage.
From the meeting notes, the key takeaways are:
1. DinodasRAT, also known as XDealer, is a C++-based multi-platform backdoor malware targeting countries including China, Taiwan, Turkey, and Uzbekistan.
2. The Linux version (V10) of DinodasRAT was discovered by Kaspersky in early October 2023, with evidence suggesting that the first variant (V7) dates back to 2021.
3. DinodasRAT is designed to target Red Hat-based distributions and Ubuntu Linux, establishing persistence on the host and periodically contacting a remote server to fetch commands.
4. The malware is capable of various malicious activities including file operations, changing command-and-control addresses, running shell commands, and performing espionage activities, such as data exfiltration.
5. DinodasRAT utilizes encryption and evasion techniques to avoid detection, making it a significant cybersecurity threat.
These findings highlight the need for increased vigilance and security measures to protect against the spread of DinodasRAT and similar threats.