Quasar Linux RAT Targets Software Developers, Threatens Supply Chain Security
A sophisticated Linux backdoor, named Quasar Linux (QLNX), has been identified by Trend Micro as a significant threat to software developers. This Remote Access Trojan (RAT) is designed to steal developer credentials across the software supply chain. It features a modular architecture, multiple persistence and detection evasion mechanisms, and a rootkit that provides attackers with remote access to infected machines. The primary goal of QLNX is to steal credentials, keys, and tokens that could grant access to development tools, cloud environments, and repositories. It specifically targets AWS credentials, Kubernetes tokens, Docker Hub credentials, Git access tokens, NPM authentication tokens, and PyPI API keys. The malware is capable of deploying a Pluggable Authentication Module (PAM) backdoor to harvest credentials and gather extensive system information.
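For defenders, a starting point is knowing which of these six credential types sit on a developer workstation as long-lived plaintext files. The following audit is an added example, not code from Trend Micro or the article; the file paths and marker patterns are assumptions based on each tool's default credential location, since the article names only the credential types.

```python
import re
import stat
from pathlib import Path

# Default on-disk stores for the six credential types the article lists.
# Paths and marker regexes are assumptions of this example (tool defaults),
# not indicators taken from the QLNX report.
STORES = {
    "AWS credentials":  (".aws/credentials",    r"aws_secret_access_key\s*="),
    "Kubernetes token": (".kube/config",        r"^\s*(token|client-key-data):"),
    "Docker Hub login": (".docker/config.json", r'"auth"\s*:\s*"[^"]+"'),
    "Git access token": (".git-credentials",    r"https?://[^\s:/@]+:[^\s@]+@"),
    "NPM auth token":   (".npmrc",              r"_authToken\s*="),
    "PyPI API key":     (".pypirc",             r"^\s*password\s*[=:]"),
}

def audit_home(home):
    """Return one finding per credential store that exists under `home`.

    Secret values are never returned: only whether a static secret is
    present and whether the file mode grants group/other access.
    """
    findings = []
    for label, (rel, marker) in STORES.items():
        path = Path(home) / rel
        try:
            mode = stat.S_IMODE(path.stat().st_mode)
            text = path.read_text(errors="replace")
        except OSError:
            continue  # absent, a directory, or unreadable: nothing to report
        findings.append({
            "store": label,
            "path": str(path),
            "mode": oct(mode),
            "group_or_other_access": bool(mode & 0o077),
            "static_secret": bool(re.search(marker, text, re.MULTILINE)),
        })
    return findings

if __name__ == "__main__":
    for f in audit_home(Path.home()):
        flags = [k for k in ("group_or_other_access", "static_secret") if f[k]]
        print(f"{f['store']:<18} {f['path']} mode={f['mode']} {' '.join(flags)}")
```

Stores flagged `static_secret` are candidates for replacement with short-lived or helper-backed credentials and for rotation after a suspected compromise; a malicious process running as the same user can read these files regardless of file mode.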