Linux Backdoor DinodasRAT Targeting China, Taiwan, Turkey, and Uzbekistan: New Findings

has discovered a new version of , a multi-platform backdoor known as XDealer. The malware has been found in the wild and targets several countries, including China, Taiwan, Turkey, and Uzbekistan. is a C++-based malware that can harvest sensitive data from compromised hosts.

Interestingly, DinodasRAT has been associated with various China-nexus threat actors, including LuoYu, which reflects the prevalence of tool sharing among hacking crews acting on behalf of the country.

The first known variant of DinodasRAT was discovered in 2021, and found the latest version (V10) in early October 2023. The version of DinodasRAT is mainly designed to target Red Hat-based distributions and Ubuntu . Once executed, it establishes persistence on the host by using SystemV or SystemD startup scripts and periodically contacts a remote server over TCP or UDP to fetch commands.

Moreover, DinodasRAT can perform file operations, change command-and-control (C2) addresses, enumerate and terminate running processes, execute shell commands, download a new backdoor version, and even uninstall itself. Additionally, it uses the Tiny Encryption Algorithm (TEA) to encrypt C2 communications and evades detection by debugging and monitoring tools.

warns that DinodasRAT's primary use case is gaining and maintaining access via servers, enabling data exfiltration and espionage. Recently, a threat activity cluster called Earth Krahang has used DinodasRAT in its attacks aimed at several government entities worldwide.

It is important to note that DinodasRAT has also been deployed in a cyber espionage campaign dubbed Operation Jacana, where the version of the malware was used to target a governmental entity in Guyana, according to Slovak cybersecurity firm ESET in October 2023.

Deitasoft © 2024. All Rights Reserved.