Linux Variant of DinodasRAT Detected in Global Cyber-Attacks
CIO Bulletin
2024-03-29
Latest Discovery Unveils Sophisticated Linux-Based Malware Targeting Critical Infrastructure.
In a recent report by cybersecurity firm Kaspersky, the emergence of a Linux version of the notorious multi-platform backdoor, DinodasRAT, has sent shockwaves across the global cybersecurity landscape. The malware, also known as XDealer, has been identified in cyber-attacks targeting nations including China, Taiwan, Turkey, and Uzbekistan, raising concerns about its potential impact on sensitive data and critical infrastructure.
This revelation comes after earlier findings from Slovak cybersecurity firm ESET uncovered a cyber espionage campaign dubbed Operation Jacana, where the Windows version of DinodasRAT was utilized to target a governmental entity in Guyana. More recently, Trend Micro disclosed details about a threat activity cluster known as Earth Krahang, which has transitioned to employing DinodasRAT in attacks against government entities worldwide since 2023.
Notably, DinodasRAT employs sophisticated evasion tactics to avoid detection by debugging tools and monitoring systems. Like its Windows counterpart, the Linux variant uses the Tiny Encryption Algorithm (TEA) to encrypt communications with its command-and-control (C2) servers, making it a formidable challenge for cybersecurity professionals to detect and mitigate.
Commenting on the threat posed by DinodasRAT, Kaspersky highlighted its primary objective of establishing and maintaining access to Linux servers, facilitating data exfiltration and espionage activities. With its full suite of capabilities, the backdoor grants threat actors complete control over compromised machines, posing a significant risk to organizations' cybersecurity posture and data integrity.