DinodasRAT - a new tool for Chinese espionage of governments

The backdoor received an update and became even more functional.

Kaspersky Lab specialists have discovered a Linux version of the DinodasRAT (XDealer) multi-platform backdoor targeting China, Taiwan, Turkey and Uzbekistan. The remote access Trojan is designed in C++ and is able to extract a wide range of confidential data from infected systems.

The Windows version was used to attack Guyanese government offices as part of Operation Jacana last year. The Linux version of DinodasRAT (V10) was discovered in early October 2023; the first known version (V7) dates back to 2021. It is mainly aimed at distributions based on Red Hat and Ubuntu Linux. After launching, the malware establishes persistence on the host using SysV init or systemd startup scripts and periodically contacts the remote server over TCP or UDP to receive commands.
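Because the backdoor persists through SysV init or systemd startup entries, a defender's first check on a suspect Red Hat or Ubuntu host is to enumerate those entries and look for service executables that live where no legitimate daemon should. The script below is an added example written for this post, not code from the original article or from Kaspersky: it parses systemd `Exec*` directives and SysV init script bodies, flags executables launched from writable or hidden locations, and runs over two constructed sample units and two constructed init scripts embedded inline. The directory list, the "suspicious prefix" list and the sample contents are assumptions to tune for your environment.

```python
"""Audit systemd units and SysV init scripts for out-of-place service binaries.

Added example (not from the original post or from Kaspersky's report). The
sample unit and script texts below are constructed for the demonstration;
the directory lists and prefix heuristics are assumptions.
"""
import re
from pathlib import Path
from typing import Dict, List, Tuple

# Locations a legitimate persistent service binary rarely runs from (assumed).
SUSPICIOUS_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")

# systemd directives whose value is a command line.
EXEC_DIRECTIVES = ("ExecStart", "ExecStartPre", "ExecStartPost")

# Absolute path with at least two components, not glued to a preceding word.
ABS_PATH = re.compile(r"(?<![\w./-])(/[\w.-]+(?:/[\w.-]+)+)")

# Constructed sample units: one benign, one shaped like dropped-backdoor persistence.
SAMPLE_SYSTEMD_UNITS: Dict[str, str] = {
    "sshd.service": "[Unit]\nDescription=OpenSSH server daemon\n\n[Service]\n"
                    "ExecStart=/usr/sbin/sshd -D\n\n[Install]\nWantedBy=multi-user.target\n",
    "update-check.service": "[Unit]\nDescription=System update check\nAfter=network.target\n\n"
                            "[Service]\nExecStart=/tmp/.cache/upd -d\nRestart=always\n\n"
                            "[Install]\nWantedBy=multi-user.target\n",
}

# Constructed sample SysV init scripts keyed by their /etc/init.d name.
SAMPLE_SYSV_SCRIPTS: Dict[str, str] = {
    "cron": "#!/bin/sh\n### BEGIN INIT INFO\n# Provides: cron\n### END INIT INFO\n"
            "DAEMON=/usr/sbin/cron\ncase \"$1\" in start) $DAEMON ;; esac\n",
    "netsvc": "#!/bin/sh\n### BEGIN INIT INFO\n# Provides: netsvc\n# Default-Start: 2 3 4 5\n"
              "### END INIT INFO\n/var/tmp/.x/netsvc start &\n",
}


def systemd_exec_paths(unit_text: str) -> List[str]:
    """Return the executables named by Exec* directives in a unit file."""
    paths = []
    for line in unit_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.strip() not in EXEC_DIRECTIVES:
            continue
        # systemd permits prefix characters (-, @, :, +, !) before the path;
        # an empty value only resets the directive and names nothing.
        tokens = value.strip().lstrip("-@:+!").split()
        if tokens:
            paths.append(tokens[0])
    return paths


def sysv_exec_paths(script_text: str) -> List[str]:
    """Return absolute paths referenced by non-comment lines of an init script."""
    paths = []
    for line in script_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        paths.extend(ABS_PATH.findall(line))
    return paths


def is_suspicious(path: str) -> str:
    """Return a reason if the executable path looks out of place, else ''."""
    if not path.startswith("/"):
        return "relative path"
    if path.startswith(SUSPICIOUS_PREFIXES):
        return "binary launched from a writable or user-owned location"
    if any(part.startswith(".") for part in path.split("/")[1:]):
        return "hidden path component"
    return ""


def audit(units: Dict[str, str], scripts: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Return (source, entry name, path, reason) for every flagged executable."""
    findings = []
    for name, text in units.items():
        for p in systemd_exec_paths(text):
            if reason := is_suspicious(p):
                findings.append(("systemd", name, p, reason))
    for name, text in scripts.items():
        for p in sysv_exec_paths(text):
            if reason := is_suspicious(p):
                findings.append(("sysv", name, p, reason))
    return findings


def load_from_host(systemd_dirs=("/etc/systemd/system", "/usr/lib/systemd/system",
                                 "/lib/systemd/system"),
                   initd="/etc/init.d") -> Tuple[Dict[str, str], Dict[str, str]]:
    """Read real unit files and init scripts (assumed default locations)."""
    units, scripts = {}, {}
    for d in systemd_dirs:
        for f in Path(d).glob("*.service"):
            try:
                units[f.name] = f.read_text(errors="replace")
            except OSError:
                pass
    if Path(initd).is_dir():
        for f in Path(initd).iterdir():
            try:
                scripts[f.name] = f.read_text(errors="replace")
            except OSError:
                pass
    return units, scripts


if __name__ == "__main__":
    for src, name, path, reason in audit(SAMPLE_SYSTEMD_UNITS, SAMPLE_SYSV_SCRIPTS):
        print(f"[{src}] {name}: {path} ({reason})")
```

On a real host, replace the two sample dictionaries with `load_from_host()`; a hit is a lead to triage (compare the binary's hash and owner, check the unit's creation time against known change windows), not a verdict on its own, since packaged software occasionally ships unusual paths.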

DinodasRAT can perform file operations, change its command-and-control (C2) addresses, list and terminate processes, execute shell commands, download a new version of the backdoor, and even delete itself. It also takes measures to evade debugging and monitoring tools, and it encrypts communications with the C2 server using the Tiny Encryption Algorithm (TEA), as the Windows version does.

The main purpose of DinodasRAT is to gain and maintain access via Linux servers rather than intelligence gathering itself. The backdoor gives the operator full control over the infected machine, which enables data exfiltration and espionage, as the experts conclude.