DinodasRAT, a remote access trojan previously seen targeting Windows systems, has expanded its scope to Linux servers. According to reports, the new Linux variant has been operating since at least 2022 despite only recently being identified.
Its late discovery is attributed to the malware's activity in 2021 having exclusively targeted Windows, which is where analysis was concentrated.
Earlier, a research group reported encountering DinodasRAT in a campaign dubbed 'Operation Jacana', which targeted governmental bodies, suggesting the malware may be used in state-sponsored operations.
Other reports link the malware to the Chinese APT group 'Earth Krahang', which allegedly used DinodasRAT to infiltrate government systems running both Windows and Linux worldwide.
The Linux variant of DinodasRAT relies on a stealthy approach to establish itself on a server.
According to the investigation, on execution the variant creates a hidden file in the directory where its binary resides; this file acts as a mutex, ensuring that only one instance of the malware runs on an infected Linux server.
It then establishes persistence using startup scripts and spawns additional instances of itself, which complicates detection. Communication with the C2 server takes place over TCP or UDP, with the exchanged data encrypted.
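The two host-side traits described above (a startup entry pointing at the malware, and a hidden mutex file sitting next to the binary) can be hunted for together. The following POSIX sh helper is an added example written for this page; it is not code from the article or from any vendor report on DinodasRAT. It parses init.d scripts and systemd unit files under a given config root for absolute executable paths, then reports any referenced executable that has a hidden sibling file in its own directory. The fixture layout, file names such as `.updater.lock`, and the config root argument are constructed assumptions for demonstration.

```shell
#!/bin/sh
# Added triage helper (not from the article or any vendor report). Scans
# startup entries for referenced executables and flags those with a hidden
# file beside them, the pattern described for the Linux DinodasRAT mutex.

# Print absolute paths referenced in a startup script or unit file, one per
# line: "ExecStart=/path" style and bare "/path" tokens. $1 = file to scan.
extract_exec_paths() {
    grep -oE '(^|[[:space:]=])/[A-Za-z0-9_./-]+' "$1" 2>/dev/null \
        | sed 's/^[[:space:]=]*//' \
        | sort -u
}

# $1 = config root containing init.d/ and systemd/system/ (e.g. /etc).
# Output: "<executable><TAB><hidden sibling>" for every hit, sorted.
find_hidden_siblings() {
    root="$1"
    for f in "$root"/init.d/* "$root"/systemd/system/*.service; do
        [ -f "$f" ] || continue
        extract_exec_paths "$f" | while IFS= read -r exe; do
            [ -f "$exe" ] && [ -x "$exe" ] || continue
            dir=$(dirname "$exe")
            # .[!.]* matches dot-files but not "." or ".."; if nothing
            # matches the literal pattern is left, which -f rejects.
            for h in "$dir"/.[!.]*; do
                [ -f "$h" ] || continue
                printf '%s\t%s\n' "$exe" "$h"
            done
        done
    done | sort -u
}

# Constructed fixture (assumption, for offline demonstration): a fake config
# root, one service binary with a hidden file beside it, and one clean binary.
# Prints the base directory so callers can build paths from it.
make_fixture() {
    base=$(mktemp -d)
    mkdir -p "$base/etc/init.d" "$base/etc/systemd/system" \
             "$base/opt/svc" "$base/opt/clean"
    printf '#!/bin/sh\ntrue\n' > "$base/opt/svc/updater"
    chmod +x "$base/opt/svc/updater"
    : > "$base/opt/svc/.updater.lock"          # hidden sibling: should be flagged
    printf '#!/bin/sh\ntrue\n' > "$base/opt/clean/agent"
    chmod +x "$base/opt/clean/agent"          # no hidden sibling: should not
    printf '#!/bin/sh\n%s/opt/svc/updater &\n' "$base" \
        > "$base/etc/init.d/updater"
    printf '[Service]\nExecStart=%s/opt/clean/agent\n' "$base" \
        > "$base/etc/systemd/system/agent.service"
    echo "$base"
}

# Usage on a real host: find_hidden_siblings /etc
if [ "$#" -gt 0 ]; then
    find_hidden_siblings "$1"
fi
```

Treat hits as leads rather than verdicts: legitimate daemons also keep hidden lock or pid files, so each flagged executable still needs its hash, its startup entry, and its network activity reviewed.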
DinodasRAT's capabilities include monitoring user activity, executing commands received from the C2 server, managing processes and services, providing a remote shell, proxying network traffic, and updating or removing itself.
Researchers therefore stress the severity of an infection: the malware grants attackers complete control over a compromised machine, enabling data exfiltration and espionage.
While the initial infection vector remains unknown, reports indicate that victims have been observed in countries including China, Taiwan, Turkey, and Uzbekistan.
The arrival of a Linux build of DinodasRAT illustrates the evolving nature of cyber threats, particularly those aimed at critical infrastructure and governmental institutions, and the sustained effort malware developers invest in extending their reach.
Administrators of Linux systems, particularly in government institutions, should be wary of this threat, as its operators prioritise such targets for cyberespionage.