Recently, cybersecurity experts have noticed a concerning threat to Linux servers worldwide. Known as DinodasRAT (also referred to as XDealer), this malicious software has been identified targeting systems running Red Hat and Ubuntu operating systems. The campaign, suspected to have been operational since 2022, signifies a growing concern for server security.
While the Linux variant of DinodasRAT has been detected, details about its operation remain limited. However, previous versions have been traced back to 2021, indicating a persistent threat. Notably, DinodasRAT has previously targeted Windows systems in a campaign dubbed ‘Operation Jacana,’ focusing on governmental entities.
Trend Micro reported on the activities of a Chinese APT group identified as ‘Earth Krahang,’ utilising XDealer to breach both Windows and Linux systems of governmental organisations globally. This revelation underlines the severity and scope of the threat posed by DinodasRAT.
According to insights provided by Kaspersky researchers, the Linux version of DinodasRAT exhibits sophisticated behaviour upon execution. It establishes persistence on the infected device through SystemV or SystemD startup scripts and creates a hidden file acting as a mutex to prevent multiple instances from running simultaneously. Furthermore, the malware communicates with a command and control (C2) server via TCP or UDP, ensuring secure data exchange through encryption algorithms.
DinodasRAT possesses a range of capabilities designed to monitor, control, and exfiltrate dat
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.