Kaspersky has revealed a Linux version of DinodasRAT, a multi-platform backdoor, targeting nations including China, Taiwan, Turkey, and Uzbekistan. ESET initially discovered this C++-based malware in 2023, when it was used to target Guyana. It poses a significant threat because it can extract sensitive data from compromised systems. Trend Micro’s recent findings highlight its adoption by threat actors under the banner of Earth Krahang, signaling a widespread shift in cyber espionage tactics. Notably, its use by China-associated threat actors underscores the collaborative nature of cyber warfare tactics.
Kaspersky’s investigation uncovers the Linux variant (V10) of DinodasRAT, which targets Red Hat-based distributions and Ubuntu Linux systems. It uses System V or systemd startup scripts for persistence and communicates with remote servers to execute commands discreetly. Its functionality includes file operations, process manipulation, shell command execution, and self-uninstallation, all while evading detection mechanisms and encrypting its communication.
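One way a defender can triage the startup-script persistence described above, narrowed here to systemd units. This is an added example, not code from Kaspersky, ESET or Trend Micro; the directory lists, function names and sample units are assumptions constructed for illustration and are not DinodasRAT indicators.

```python
import re

# Assumption: directories where distro packages normally install service binaries.
TRUSTED = ("/usr/bin/", "/usr/sbin/", "/usr/lib/", "/usr/libexec/", "/bin/", "/sbin/")
# Assumption: world-writable locations that packaged services do not run from.
WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")
EXEC_KEYS = {"ExecStart", "ExecStartPre", "ExecStartPost"}

def unit_exec_paths(unit_text):
    """Return the program path of each Exec* line in a unit's [Service] section."""
    text = re.sub(r"\\\n\s*", " ", unit_text)  # join backslash continuations
    section, paths = None, []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Service" or not sep or key.strip() not in EXEC_KEYS:
            continue
        words = value.strip().lstrip("-@+!:").split()  # drop systemd exec prefixes
        if words:  # an empty value only resets the Exec list
            paths.append(words[0])
    return paths

def reasons(path):
    """Explain why a service binary path deserves a closer look (empty = none)."""
    found = []
    if not path.startswith(TRUSTED):
        found.append("outside package directories")
    if path.startswith(WRITABLE):
        found.append("world-writable location")
    if any(part.startswith(".") for part in path.split("/") if part):
        found.append("hidden path component")
    return found

def audit(units):
    """Map unit name -> [(path, reasons)] for every flagged Exec* target."""
    report = {n: [(p, reasons(p)) for p in unit_exec_paths(t) if reasons(p)] for n, t in units.items()}
    return {n: hits for n, hits in report.items() if hits}

# Constructed sample units (not taken from any DinodasRAT sample).
SAMPLE_UNITS = {
    "sshd.service": "[Service]\nExecStart=/usr/sbin/sshd -D $OPTIONS\n",
    "sys-update.service": "[Service]\nExecStart=-/var/tmp/.cache/updater \\\n  --daemon\nRestart=always\n",
}
print(audit(SAMPLE_UNITS))
```

On a live host the same functions can be fed the contents of the unit files under `/etc/systemd/system` and `/usr/lib/systemd/system`; a flagged path is a lead for review, not proof of compromise.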
Unlike typical reconnaissance-focused tools, DinodasRAT prioritizes establishing and maintaining access to Linux servers, enabling extensive data exfiltration and espionage. Its discovery raises concerns about the security of Linux-based systems, particularly those utilized by government entities. With its full functionality and elusive nature, DinodasRAT exemplifies the evolving landscape of cyber threats and the ongoing challenges in defending against sophisticated attacks.