Attackers have found a new way to turn Linux systems into stealthy supply chain distribution hubs that are resistant to takedowns.
Researchers from Trend Micro have disclosed a new malware framework, dubbed Quasar Linux or QLNX, describing it as a modular Linux remote access trojan (RAT). But what sets the campaign apart is the malware using a P2P mesh capability that turns individual implants into an interconnected infection network, making the campaign difficult to kill.
QLNX also combines kernel-level rootkit functionality, PAM-based authentication backdoors, and persistence mechanisms to stay hidden on compromised systems while enabling attacker access.
“Quasar Linux RAT (QLNX) is a comp...