March 31, 2024 at 10:42AM
Security researchers have observed the Linux version of DinodasRAT, also known as XDealer, targeting Red Hat and Ubuntu systems since at least 2022. The malware, previously detected on Windows, is part of espionage campaigns targeting government entities globally. The Linux variant creates persistence and communicates with a command and control server, granting attackers comprehensive control over compromised systems.
Key Takeaways:
– A Linux version of DinodasRAT, also known as XDealer, has been observed attacking Red Hat and Ubuntu systems and may have been operating since 2022.
– The Linux variant of the malware creates a hidden file that serves as a mutex, sets up persistence using startup scripts, and communicates with a command and control (C2) server via TCP or UDP.
– DinodasRAT has capabilities to monitor and harvest data, execute commands from the C2, manage processes and services, provide a remote shell, proxy C2 communications, download new versions of the malware, and uninstall itself.
– The malware primarily targets Linux servers, giving the attacker complete control over compromised systems for data exfiltration and espionage.
– The malware has affected victims in China, Taiwan, Turkey, and Uzbekistan since October 2023, according to Kaspersky.