Linux servers targeted by dangerous espionage malware as Windows threat makes the jump

News
By published

A known Windows malware was ported to Linux

Close up of the Linux penguin.
(Image credit: Linux)

A dangerous espionage malware, previously only used against Windows devices, is increasingly being observed on Linux machines, too, experts have warned.

Following earlier reports by ESET and Trend Micro, Kaspersky is now warning of the Dinodas Remote Access Trojan (RAT), signaling the rising popularity of the malware. 

Kaspersky claims the backdoor is “fully functional, granting the operator complete control over the infected machine, enabling data exfiltration and espionage”. DinodasRAT is designed to monitor, control, and steal data from target endpoints. Besides stealing data, it can run processes, create a remote shell for direct command, or file execution, update and upgrade itself, uninstall itself and delete all traces of its existence.

XDealer and DinodasRAT

Older reports indicate that DinodasRAT is a Linux version of a known Windows RAT dubbed XDealer. Earlier in March, Trend Micro observed the Chinese APT group known as “Earth Krahang” using XDealer against both Windows and Linux systems belonging to “governments worldwide”.

The researchers did not detail how the attackers managed to drop the malware onto target endpoints, but did stress that since October 2023, the targets were mostly located in China, Taiwan, Turkey, and Uzbekistan.

Today, many nation-states are engaged in cyber-warfare, disrupting operations and stealing sensitive data from their adversaries. Besides China, there are notable threats coming from North Korea (Lazarus Group, for example), Russia (Fancy Bear), Iran (Scarred Manticore), and others. 

With war raging in Ukraine, China eyeing Taiwan, Israel engaged against Hamas, as well as other potential hotpots (the issues of migration in both Europe and the States, U.S. presidential elections), it is no wonder that not a day goes by without news of state-sponsored hacking groups engaging in cyber-espionage.

The rising popularity of DinodasRAT only demonstrates the increasing use of Linux-powered devices in government agencies around the world.

Via BleepingComputer

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Close up of the Linux penguin.
A new Linux backdoor is hitting US universities and governments
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
China
Chinese hackers develop effective new hacking technique to go after business networks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
North Korean Lazarus hackers launch large-scale cyberattack by cloning open source software
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
China-linked cyberespionage group PlushDaemon used South Korean VPN service to inject malware
A computer being guarded by cybersecurity.
Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
A phone showing a ChatGPT app error message
ChatGPT was down for many – here's what happened
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
More about security
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen

Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
See more latest
Most Popular
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
A screenshot from Indiana Jones and the Great Circle showing Indiana Jones
Indiana Jones and the Great Circle finally gets PS5 release date and I can't wait to don the fedora and crack the whip
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, March 25 (game #387)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Tuesday, March 25 (game #653)