A dangerous espionage malware, previously only used against Windows devices, is increasingly being observed on Linux machines, too, experts have warned.
Following earlier reports by ESET and Trend Micro, Kaspersky is now warning of the Dinodas Remote Access Trojan (RAT), signaling the rising popularity of the malware.
Kaspersky claims the backdoor is “fully functional, granting the operator complete control over the infected machine, enabling data exfiltration and espionage”. DinodasRAT is designed to monitor, control, and steal data from target endpoints. Besides stealing data, it can run processes, create a remote shell for direct command, or file execution, update and upgrade itself, uninstall itself and delete all traces of its existence.
XDealer and DinodasRAT
Older reports indicate that DinodasRAT is a Linux version of a known Windows RAT dubbed XDealer. Earlier in March, Trend Micro observed the Chinese APT group known as “Earth Krahang” using XDealer against both Windows and Linux systems belonging to “governments worldwide”.
The researchers did not detail how the attackers managed to drop the malware onto target endpoints, but did stress that since October 2023, the targets were mostly located in China, Taiwan, Turkey, and Uzbekistan.
Today, many nation-states are engaged in cyber-warfare, disrupting operations and stealing sensitive data from their adversaries. Besides China, there are notable threats coming from North Korea (Lazarus Group, for example), Russia (Fancy Bear), Iran (Scarred Manticore), and others.
With war raging in Ukraine, China eyeing Taiwan, Israel engaged against Hamas, as well as other potential hotpots (the issues of migration in both Europe and the States, U.S. presidential elections), it is no wonder that not a day goes by without news of state-sponsored hacking groups engaging in cyber-espionage.
The rising popularity of DinodasRAT only demonstrates the increasing use of Linux-powered devices in government agencies around the world.
Via BleepingComputer