Kaspersky has uncovered a new Linux-targeted DinodasRAT backdoor variant, actively compromising organizations in China, Taiwan, Turkey, and Uzbekistan since at least October 2023. This variant allows cybercriminals to covertly monitor and control compromised systems, highlighting that even Linux’s renowned security is not impervious to threats.
Kaspersky Global Research and Analysis Team (GReAT) has unveiled details behind a Linux variant of the multi-platform DinodasRAT backdoor, which has been targeting entities in China, Taiwan, Turkey, and Uzbekistan since October 2023. Discovered during ongoing investigations into suspicious activities, this variant shares code and network indicators with the Windows version previously identified by ESET.
This Linux variant, developed in C++, is designed to infiltrate Linux infrastructures undetected, demonstrating cybercriminals’ advanced capabilities to exploit even the most secure systems. Upon infection, the malware collects essential information from the host machine to create a unique identifier (UID) without gathering user-specific data, thereby avoiding early detection.
Once contact with the C2 server is established, the implant stores all local information regarding the victim’s ID, privilege level, and other relevant details in a hidden file named “/etc/.netc.conf”. This profile file contains the metadata collected by the backdoor at that time. This RAT empowers the malicious actor to surveil and harvest sensitive data from a target’s computer, as well as take full control over the victim’s machine. The malware is programmed to automatically send the captured data every two minutes and 10 hours.
All Kaspersky products detect this Linux variant as HEUR:Backdoor.Linux.Dinodas.a.
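A host triage check for the profile file described above, as an added example that is not taken from Kaspersky's report or tooling. The only indicator it uses from the article is the path /etc/.netc.conf; the function names and the option of pointing it at a mounted disk image are assumptions made for illustration.

```shell
#!/bin/sh
# Added triage example. Indicator from the article: the hidden profile file
# /etc/.netc.conf, written by the implant once C2 contact is established.
# Absence of the file therefore does not clear a host.
IOC_PATH="etc/.netc.conf"

# check_profile ROOT
#   ROOT is "/" on a live host or the mount point of a forensic image.
#   Returns 0 and prints file metadata if the profile file exists, else 1.
check_profile() {
    root="${1:-/}"
    target="${root%/}/$IOC_PATH"
    # -e is false for a dangling symlink, so test -L as well.
    if [ -e "$target" ] || [ -L "$target" ]; then
        printf 'FOUND  %s\n' "$target"
        # Numeric owner, size and mtime help place the file on a timeline.
        ls -ldn -- "$target"
        return 0
    fi
    printf 'absent %s\n' "$target"
    return 1
}

# hidden_etc_files ROOT
#   Lists hidden regular files directly under ROOT/etc for manual review.
#   Dotfiles are uncommon at the top level of /etc, so the list stays short.
hidden_etc_files() {
    root="${1:-/}"
    find "${root%/}/etc" -maxdepth 1 -type f -name '.*' 2>/dev/null | sort
}

# Usage: sh triage.sh / /mnt/image ...
# With no arguments the script only defines the functions.
for r in "$@"; do
    check_profile "$r" || true
    hidden_etc_files "$r"
done
```

Run it as root on a live host, since an unprivileged user may not be able to read the file's metadata on hardened systems.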
“Half a year after ESET’s announcement regarding the Windows variant of DinodasRAT, we have uncovered a fully functional Linux version of the malware. This underscores the fact that cybercriminals are continuously developing their tools to evade detection and target more victims. We urge all members of the cybersecurity community to exchange knowledge about the latest findings to ensure the cyber safety of businesses,” adds Lisandro Ubiedo, a security expert at Kaspersky’s GReAT (Global Research and Analysis Team).
Learn more about DinodasRAT versions on Securelist.com. A more detailed analysis is available to customers of Kaspersky’s private Threat Intelligence Reports.
To protect yourself from threats like DinodasRAT, Kaspersky experts recommend:
- Regular Security Audits: Conduct regular security audits and assessments to identify any weaknesses or gaps in your organization’s security posture. Address any findings promptly to mitigate risks.
- Employee Vigilance: Encourage employees to remain vigilant and report any suspicious emails, links, or activities to the IT or security team immediately. Provide clear channels for reporting incidents anonymously if necessary.
- Use a security solution: Invest in comprehensive security solutions, such as Kaspersky Endpoint Security for Business, that protect against the latest security threats.
- Secure Remote Access: If employees need to access company resources remotely, ensure that remote access methods, such as virtual private networks (VPNs) or secure remote desktop protocols, are properly configured and secured to prevent unauthorized access.