Thursday, May 2, 2024

New Linux malware targets users worldwide – Technology Times

Kaspersky, a cybersecurity company, has identified a new variant of the DinodasRAT malware specifically designed to target Linux systems.

The Linux variant has been actively compromising organisations in China, Taiwan, Turkey, and Uzbekistan since at least October 2023, according to a report from Kaspersky’s Global Research and Analysis Team (GReAT).

DinodasRAT is a multi-platform Remote Access Trojan (RAT) – a type of malware that allows attackers to remotely control compromised devices.

According to the Kaspersky report, this variant, written in C++, is designed to infiltrate Linux systems undetected. It gathers information from the infected machine to create a unique identifier without collecting user-specific data. This approach helps the malware bypass initial detection mechanisms.

Once a system is compromised, DinodasRAT establishes contact with a command and control server (C2 server) – a server used by attackers to communicate with infected devices. According to the report, it then steals sensitive data from the victim’s computer and creates a profile containing information about the system’s ID, privilege level, and other relevant details. This profile is stored in a hidden file.

According to a report from Securelist, “This RAT allows the malicious actor to surveil and harvest sensitive data from a target’s computer.” The discovery of a Linux version highlights that even Linux systems, known for their security strength, are vulnerable to cyberattacks.

The malware empowers attackers to surveil the target machine, steal data, and take complete control over the system. It is programmed to transmit stolen data back to the C2 server every two minutes and ten hours.

Kaspersky products detect this threat as HEUR:Backdoor.Linux.Dinodas.a. Security researcher Lisandro Ubiedo from Kaspersky’s GReAT stated, “Half a year after ESET’s announcement regarding the Windows variant of DinodasRAT, we have uncovered a fully functional Linux version of the malware. This underscores the fact that cybercriminals are continuously developing their tools to evade detection and target more victims. We urge all members of the cybersecurity community to exchange knowledge about the latest findings to ensure the cyber safety of businesses.”

Recommendations for Protection

Kaspersky recommends the following steps to protect against threats like DinodasRAT:

  • Regular Security Audits: Regularly assess your organisation’s security posture to identify and address weaknesses or gaps.
  • Employee Awareness: Train employees to be vigilant about suspicious emails, links, and activities. Encourage them to report such incidents to the IT or security team.
  • Security Solutions: Implement comprehensive security solutions like Kaspersky Endpoint Security for Business to safeguard against evolving threats.
  • Secure Remote Access: If remote access is necessary, ensure methods like VPNs or secure remote desktop protocols are properly configured to prevent unauthorised access.