Kaspersky discovers Linux backdoor vulnerability DinodasRAT

by admin
Kaspersky has discovered a new variant of the DinodasRAT backdoor for Linux, significantly compromising businesses in China, Taiwan, Turkey and Uzbekistan since at least October 2023. This variant allows cybercriminals to covertly monitor and control compromised systems, highlighting that even the well-known security of Linux is not immune to threats.

Kaspersky’s Global Research and Analysis Team (GReAT) has revealed details of a Linux variant of the cross-platform DinodasRAT backdoor, which has been targeting companies in China, Taiwan, Turkey and Uzbekistan since October 2023. Discovered during investigations into suspicious activity, this variant shares code and network indicators with the Windows version previously identified by ESET.

This Linux variant, developed in C++, is designed to infiltrate Linux infrastructures undetected, demonstrating the advanced capabilities of cybercriminals to exploit even the most secure systems. Upon infection, the malware collects essential information from the host computer to create a unique identifier (UID) without capturing user-specific data and thus avoiding early detection.

Once contact with the C2 server is established, the implant stores all local information relating to the victim’s ID, their privilege level and other relevant details in a hidden file called “/etc/.netc.conf”. This profile file contains the metadata collected by the backdoor at that time. The RAT allows the malicious actor to surveil and collect sensitive data from the victim’s computer, as well as take full control over it. The malware is programmed to automatically send the collected data at intervals of two minutes and 10 hours.
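As an added example (not taken from Kaspersky's report or from this article), the following triage check looks for the profile file path named above on a live host or under a mounted disk image. The function names and the root argument are assumptions of the example, and GNU `stat` is assumed with a fallback to `ls`.

```shell
#!/bin/sh
# Added example: triage check for the DinodasRAT profile file named in the article.
# Per the article the file is written once the implant has reached its C2 server,
# so a hit suggests a host that has already checked in.
IOC_REL="etc/.netc.conf"   # path from the article, relative to the root being checked

# check_dinodas_profile ROOT
# ROOT is "/" for a live host or the mount point of a disk image (assumed layout).
# Prints one line; returns 0 if the indicator is present, 1 if it is absent.
check_dinodas_profile() {
    root="${1:-/}"
    target="${root%/}/$IOC_REL"
    # -e follows symlinks; -L also catches a dangling symlink left at the same path.
    if [ -e "$target" ] || [ -L "$target" ]; then
        # Record metadata useful for a timeline: owner, mode, size, modification time.
        meta=$(stat -c 'owner=%U mode=%a size=%s mtime=%y' "$target" 2>/dev/null) \
            || meta=$(ls -ld "$target")
        printf 'FOUND %s %s\n' "$target" "$meta"
        return 0
    fi
    printf 'absent %s\n' "$target"
    return 1
}

# sweep_roots ROOT...
# Checks every root given, writes per-root findings to stderr and the number
# of roots with a hit to stdout, so the count can be captured by a caller.
sweep_roots() {
    hits=0
    for r in "$@"; do
        if check_dinodas_profile "$r" >&2; then
            hits=$((hits + 1))
        fi
    done
    printf '%s\n' "$hits"
}

# Usage: sweep_roots / /mnt/image1 /mnt/image2
```

An absent file does not clear a host, since the article describes the file as being created only after C2 contact succeeds.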

All Kaspersky products detect this Linux variant as HEUR:Backdoor.Linux.Dinodas.a.

More information about DinodasRAT releases is available on Securelist.com. More detailed analysis is available to customers of Kaspersky’s private Threat Intelligence Report service.

To protect yourself from these threats, Kaspersky experts recommend:

• Regular security audits: Perform regular security audits and assessments to identify any weaknesses or gaps in your organization’s security framework. Address any findings promptly to reduce risks.

• Employee vigilance: Encourage employees to exercise caution and immediately report any suspicious emails, links or activity to your IT or security team. If necessary, provide secure communication channels to report incidents anonymously.

• Use security solutions: Invest in comprehensive security solutions, such as Kaspersky Endpoint Security for Business, which protects against the latest security threats.

• Secure remote access: If employees need to access company resources remotely, it is important to ensure that access methods, such as VPNs or secure remote desktop protocols, are properly configured and secured to prevent unauthorized access.
