Noodle RAT, a previously undisclosed cross-platform malware, has been utilized by Chinese-speaking threat actors for an extended period, serving purposes of both espionage and cybercrime. Initially misidentified as variants of existing malware like Gh0st RAT and Rekoobe, it has been recognized as a distinct threat. Operating since at least July 2016, this malware exists in Windows and Linux versions, with capabilities ranging from remote access to execution of additional malware.
Trend Micro’s analysis reveals that Noodle RAT is not merely a derivative of existing malware but represents a novel threat altogether. Despite its identification as a new entity, it shares similarities in command-and-control communications and configuration formats across its Windows and Linux variants. The malware’s development and distribution seem to be part of a broader ecosystem within China’s cyber espionage landscape, involving both private sector entities and state-sponsored actors.
The Linux variant of Noodle RAT has been observed in cybercrime and espionage activities associated with various groups linked to China. It facilitates actions such as launching reverse shells, file manipulation, and exploiting security vulnerabilities in public-facing applications. The malware’s sophistication is underscored by its utilization of known security flaws to breach Linux servers, deploying web shells for remote access and malware delivery.
Trend Micro’s findings suggest that Noodle RAT is likely circulated among Chinese-speaking groups, potentially available for sale or sharing within this community. The emergence of Noodle RAT underscores the evolving nature of cyber threats, with adversaries constantly refining and deploying new tools to achieve their objectives. This discovery serves as a reminder of the importance of robust cybersecurity measures to safeguard against emerging threats in an increasingly complex digital landscape.
Reference:
