

Ethical Hacking News

New Stealthy Linux Malware Targets Software Developers


Quasar Linux (QLNX) is a new stealthy Linux malware that targets software developers with its mix of rootkit, backdoor, and credential-stealing capabilities. It can bypass enterprise security controls and gain long-term persistence on developer workstations, making it a significant threat to the industry.

  • The Quasar Linux (QLNX) malware is a newly discovered stealthy Linux malware designed to bypass enterprise security controls.
  • QLNX features multiple functional blocks for specific activities, making it a complete attack tool.
  • The malware can be deployed on various platforms, including npm, PyPI, GitHub, AWS, Docker, and Kubernetes, enabling supply-chain attacks.
  • QLNX is designed for stealth and long-term persistence, using techniques such as in-memory execution, log wiping, and spoofed process names.
  • The malware uses seven distinct persistence mechanisms to load into every dynamically linked process and respawn if killed.
  • QLNX can target developer credentials, combining credential harvesting with PAM-based backdoors that intercept plaintext authentication data.
  • The malware has not been attributed to any specific attack or threat actor, and its deployment volume is unclear.
  • The discovery of QLNX highlights the importance of robust security measures in the software development industry.



    The software development industry has been targeted by a newly discovered stealthy Linux malware called Quasar Linux (QLNX), which is designed to bypass enterprise security controls and gain long-term persistence on developer workstations. According to researchers at cybersecurity company Trend Micro, QLNX features multiple functional blocks dedicated to specific activities, making it a complete attack tool.

    The malware kit is deployed in development and DevOps environments on various platforms, including npm, PyPI, GitHub, AWS, Docker, and Kubernetes. This could enable supply-chain attacks where the threat actor publishes malicious packages on code distribution platforms. QLNX was designed for stealth and long-term persistence, as it runs in-memory, deletes the original binary from disk, wipes logs, spoofs process names, and clears forensic environment variables.

    Researchers at Trend Micro analyzed the QLNX implant and found that it dynamically compiles rootkit shared objects and PAM backdoor modules on the target host using GCC. The malware uses seven distinct persistence mechanisms, including LD_PRELOAD, systemd, crontab, init.d scripts, XDG autostart, and ‘.bashrc’ injection, ensuring it loads into every dynamically linked process and respawns if killed.
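
    A defender-side triage of the persistence locations named above, as an added example that is not from Trend Micro's report or the original article: it lists every /etc/ld.so.preload entry, flags files changed within the review window under the usual systemd, cron, init.d, XDG autostart and .bashrc paths, and reports LD_PRELOAD assignments in .bashrc. The paths, the 7-day window and the function names are assumptions.

```python
#!/usr/bin/env python3
"""Review the Linux persistence locations the article names (added example)."""
import re
import time
from pathlib import Path

# Standard default paths for each mechanism; these are assumptions, not
# indicators of compromise taken from the Trend Micro report.
WATCH = {
    "systemd": ["etc/systemd/system", "home/*/.config/systemd/user"],
    "crontab": ["etc/crontab", "etc/cron.d", "var/spool/cron"],
    "init.d": ["etc/init.d"],
    "xdg-autostart": ["etc/xdg/autostart", "home/*/.config/autostart"],
    "bashrc": ["root/.bashrc", "home/*/.bashrc"],
}
PRELOAD_SET = re.compile(r"^\s*(export\s+)?LD_PRELOAD=")

def files_under(root, pattern):
    """Yield regular files matched by pattern, descending into directories."""
    for p in root.glob(pattern):
        if p.is_dir():
            yield from (f for f in p.rglob("*") if f.is_file())
        elif p.is_file():
            yield p

def audit(root="/", days=7, now=None):
    """Return sorted (mechanism, path, detail) tuples that need a human look."""
    root, now, found = Path(root), now or time.time(), []
    # /etc/ld.so.preload is loaded into every dynamically linked process,
    # so any entry at all is worth reviewing.
    preload = root / "etc/ld.so.preload"
    if preload.is_file():
        for line in preload.read_text(errors="replace").splitlines():
            for lib in re.split(r"[\s:]+", line.split("#", 1)[0]):
                if lib:
                    found.append(("ld_preload", str(preload), lib))
    for mech, patterns in WATCH.items():
        for f in (f for pat in patterns for f in files_under(root, pat)):
            age = (now - f.stat().st_mtime) / 86400
            if age <= days:  # changed inside the review window
                found.append((mech, str(f), f"modified {age:.1f} days ago"))
            if mech == "bashrc":  # LD_PRELOAD set from a shell startup file
                for line in f.read_text(errors="replace").splitlines():
                    if PRELOAD_SET.match(line):
                        found.append((mech, str(f), line.strip()))
    return sorted(found)

if __name__ == "__main__":
    for mech, path, detail in audit():
        print(f"[{mech}] {path}: {detail}")
```

    Run it as root so every user's files are readable. File modification times can be reset, so an empty result does not clear a host.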

    One of the most concerning aspects of QLNX is its ability to target developer credentials. The malware kit combines credential harvesting (SSH keys, browsers, cloud and developer configs, /etc/shadow, clipboard) with PAM-based backdoors that intercept and log plaintext authentication data. This allows attackers to access sensitive information without being detected.

    The Quasar Linux implant was discovered by researchers at Trend Micro, who noted that it has not been attributed to any specific attack or threat actor. However, the deployment volume and specific activity levels of this new malware are unclear due to the lack of attribution.

    The discovery of QLNX highlights the importance of robust security measures in the software development industry. Developers must be vigilant when working on sensitive projects and ensure that their systems are protected from attacks like QLNX. The use of code signing, secure coding practices, and regular security audits can help prevent such attacks.

    In conclusion, Quasar Linux (QLNX) is a newly discovered stealthy Linux malware that targets software developers with its mix of rootkit, backdoor, and credential-stealing capabilities. Its ability to bypass enterprise security controls and gain long-term persistence on developer workstations makes it a significant threat to the software development industry.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Stealthy-Linux-Malware-Targets-Software-Developers-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/new-stealthy-quasar-linux-malware-targets-software-developers/

  • https://www.trendmicro.com/en_us/research/26/e/quasar-linux-qlnx-a-silent-foothold-in-the-software-supply-chain.html

  • https://www.cybersecurity-review.com/quasar-linux-qlnx-inside-a-full-featured-linux-rat/?lcp_page0=5


  • Published: Wed May 6 01:54:11 2026 by llama3.2 3B Q4_K_M












