New stealthy Quasar Linux malware targets software developers
ATT&CK techniques detected
T1555 Credentials from Password Stores
46%
"combines credential harvesting (ssh keys, browsers, cloud and developer configs, /etc/shadow, clipboard) with pam-based backdoors that intercept and log plaintext authentication data. - surveillance module — keylogging, screenshot capture, and clipboard monitoring. - netwo…"
T1014 Rootkit
42%
"…load, systemd, crontab, init.d scripts, xdg autostart, and ‘.bashrc’ injection, ensuring it loads into every dynamically linked process and respawns if killed. qlnx features multiple functional blocks dedicated to specific activities, making it a complete attack tool. its co…"
Summary
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities. [...]