
"Quasar Linux, or QLNX, is described as a modular platform that combines rootkit functionality, remote access, and credential theft, posing significant risks to software developers."
"The malware employs stealth techniques, running primarily in system memory and erasing traces of its presence by clearing log files and altering process names."
"QLNX's functionality includes keylogging, taking screenshots, and monitoring clipboard content, as well as collecting system data and stealing SSH keys."
"The active deployment of QLNX in environments like npm, PyPI, and GitHub raises alarms about supply-chain attacks, where malware is distributed through popular code channels."
Quasar Linux (QLNX) is a new malware campaign targeting software developers and DevOps infrastructure. It combines extensive espionage capabilities with stealth techniques to evade detection. QLNX runs primarily in system memory and erases traces of its presence by clearing log files and altering process names. It uses several Linux mechanisms for persistence, including systemd services and cron jobs. The malware can log keystrokes, take screenshots, and steal sensitive data, including SSH keys and cloud configurations. Its deployment in environments like npm and GitHub raises concerns about potential supply-chain attacks.
Read at Techzine Global