A whole new kind of Linux malware has been found in the wild
You may be safe… for now
A new type of Linux malware has been identified after going unnoticed for two years thanks to work by cybersecurity researchers from Group-IB.
The newly uncovered Linux Remote Access Trojan (RAT), Krasue, was first registered on Virustotal, and has since been targeting primarily telecommunications companies in Thailand.
Group-IB says that Krasue “poses a severe risk to critical systems and sensitive data” because attackers can access a targeted network remotely.
Krasue Linux RAT
The cybersecurity analysts say that the malware contains several embedded rootkits, drawn from public sources, meaning that the RAT can support different Linux kernel versions.
However, Group-IB is yet to determine Krasue’s initial infection vector. So far, vulnerability exploitation, credential brute force attacks, and unwitting downloads as part of deceptive packages are all being considered.
Instead, the cybersecurity company says it’s disclosing the limited information it has at this point in order to prime Thai telecommunications companies so that they can be better prepared to secure themselves against such attacks. Group-IB has also notified the Thailand Computer Emergency Response Team (ThaiCERT) and the Thailand Telecommunications Sector Computer Emergency Response Team (TTC-CERT).
After analysis, it looks like the Krasue RAT might have been created by the same author as XorDdos – another Linux Trojan malware with rootkit capabilities for launching large-scale DDoS attacks.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
But specific threat group attribution is hard because the RAT uses code snippets from three different open-source projects – Diamorphine, Suterusu, and Rooty – which have been available for over five years.
For now, Group-IB promises to continue monitoring the malware’s spread, including to other areas outside of Thailand.
More from TechRadar Pro
- Pretty much all Windows and Linux computers are vulnerable to this new cyberattack
- Boost your device’s protection by using one of the best firewalls
- Check out our roundup of the best endpoint protection
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!