A dangerous spy malware, previously only used against Windows devices, is also increasingly being spotted on Linux machines, experts warn.
Following previous reports from ESET and Trend Micro, Kaspersky now warns about the Dinodas Remote Access Trojan (RAT), indicating the malware’s rising popularity.
Kaspersky claims the backdoor is “fully functional, giving the operator full control over the infected machine, enabling data exfiltration and spying.” DinodasRAT is designed to monitor, control and steal data from target endpoints. In addition to stealing data, it can also run processes, create a remote shell for direct commands, or execute files, update and upgrade itself, uninstall itself and delete all traces of its existence.
XDealer and DinodasRAT
Older reports indicate that DinodasRAT is a Linux version of a well-known Windows RAT called XDealer. Earlier in March, Trend Micro observed that the Chinese APT group known as “Earth Krahang” was using XDealer against both Windows and Linux systems belonging to “governments around the world.”
The researchers did not specify how the attackers managed to plant the malware on target endpoints, but did highlight that as of October 2023, the targets were mainly in China, Taiwan, Turkey and Uzbekistan.
Today, many nation states are engaged in cyberwarfare, disrupting operations and stealing sensitive data from their adversaries. In addition to China, notable threats come from North Korea (for example, the Lazarus Group), Russia (Fancy Bear), Iran (Scarred Manticore), and others.
With the war raging in Ukraine, China eyeing Taiwan, Israel opposing Hamas and other potential hotspots (the issues of migration in both Europe and the United States, US presidential elections), it is no wonder that not a day goes by without news of state-sponsored hacking groups engaged in cyber espionage.
The rising popularity of DinodasRAT only demonstrates the increasing use of Linux-powered devices in government agencies around the world.
Via BleepingComputer