Quasar Linux RAT Targets Software Developers, Threatens Credential Security
A newly identified Linux backdoor, named Quasar Linux (QLNX), is targeting software developers by stealing credentials across the software supply chain, according to Trend Micro. The remote access trojan (RAT) features a modular architecture and employs multiple persistence and detection evasion mechanisms. It is designed to steal developer credentials, keys, and tokens, potentially granting attackers access to development tools, cloud environments, and repositories. The malware targets AWS credentials, Kubernetes tokens, Docker Hub credentials, Git access tokens, NPM authentication tokens, and PyPI API keys. With these credentials, attackers could publish malicious packages through compromised developer accounts. The RAT operates in memory, spoofs its process name, and can delete itself to evade detection. It also performs system reconnaissance, hides specific processes, ports, and files, and clears system logs.
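The in-memory execution, self-deletion and process-name spoofing described above leave traces under `/proc` that a defender can hunt for. The following is an added example, not code or indicators from Trend Micro's report: the checks are generic Linux heuristics that produce leads rather than verdicts, and the function names and sample records are constructed for illustration.

```python
import os

def classify(proc):
    """Return the reasons a process record deserves a closer look.
    proc holds 'exe' (readlink of /proc/PID/exe), 'comm' and 'argv0'."""
    reasons = []
    exe = proc.get("exe")
    if not exe:                      # kernel thread or unreadable entry
        return reasons
    deleted = exe.endswith(" (deleted)")
    path = exe[:-len(" (deleted)")] if deleted else exe
    if path.startswith("/memfd:"):   # image lives only in anonymous memory
        reasons.append("runs from an anonymous memfd")
    elif deleted:                    # binary unlinked after launch
        reasons.append("executable deleted from disk")
    base = os.path.basename(path)
    argv0 = os.path.basename(proc.get("argv0", "")).lstrip("-")
    names = [n for n in (proc.get("comm", ""), argv0) if n]
    # Prefix match tolerates the 15-char comm limit and versioned symlinks.
    if names and not any(base.startswith(n) or n.startswith(base) for n in names):
        reasons.append("process name differs from executable name")
    return reasons

def scan(records):
    """Map pid -> reasons for every record that raised at least one flag."""
    return {p["pid"]: r for p in records if (r := classify(p))}

def snapshot(proc_root="/proc"):
    """Yield records for live processes readable by the current user."""
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        d = os.path.join(proc_root, pid)
        try:
            exe = os.readlink(os.path.join(d, "exe"))
            with open(os.path.join(d, "comm")) as f:
                comm = f.read().strip()
            with open(os.path.join(d, "cmdline"), "rb") as f:
                argv0 = f.read().split(b"\0")[0].decode(errors="replace")
        except OSError:              # exited, kernel thread, or no permission
            continue
        yield {"pid": int(pid), "exe": exe, "comm": comm, "argv0": argv0}

# Constructed sample records (not taken from any real incident).
SAMPLE = [
    {"pid": 812, "exe": "/usr/sbin/sshd", "comm": "sshd", "argv0": "/usr/sbin/sshd"},
    {"pid": 901, "exe": "/usr/bin/python3.11", "comm": "python3", "argv0": "python3"},
    {"pid": 4410, "exe": "/tmp/.cache/upd (deleted)", "comm": "kworker/u8:2", "argv0": "[kworker/u8:2]"},
    {"pid": 4522, "exe": "/memfd:x (deleted)", "comm": "dbus-daemon", "argv0": "dbus-daemon"},
]

if __name__ == "__main__":
    for pid, why in scan(snapshot()).items():
        print(pid, "; ".join(why))
```

Run it as root to see every process. Deleted executables also appear after routine package upgrades, so treat hits as starting points for triage.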