Sophisticated Quasar Linux RAT Targets Software Developers
The persistent, evasive implant provides remote access, surveillance, and credential exfiltration capabilities.
A recently identified Linux backdoor was designed to steal developer credentials across the software supply chain, Trend Micro warns.
Dubbed Quasar Linux (QLNX), the RAT has a modular architecture, uses multiple persistence and detection evasion mechanisms, packs a rootkit, and provides attackers with remote access to the infected machines.
The main purpose of QLNX, Trend Micro says, is the theft of developer credentials, keys, and tokens that could provide its operators with access to development tools, cloud environments, and repositories.
Source: https://www.securityweek.com/sophisticated-quasar-linux-rat-targets-software-developers/
Related breach coverage
- Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence (2026-05-09)
Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security researchers discovered a previously undocumented Linux malware called Quasar Linux RAT (QLNX) that targets developers and DevOps environments. The malicious code can steal credentials, log keystrokes, manipulate files, monitor clipboard activity, and create network tunnels […]
- In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner (2026-05-08)
Other noteworthy stories that might have slipped under the radar: US gov targets 72-hour patch cycles, malware uses Windows Phone Link to steal OTPs, spy operation targets Eurasian drone industry.
- Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking (2026-05-07)
Mitiga researchers say attackers can silently redirect Claude Code MCP traffic, intercept OAuth tokens, and maintain persistent access to connected SaaS platforms.
- Vendor Says Daemon Tools Supply Chain Attack Contained (2026-05-07)
The software developer has identified the impacted systems, removed potentially compromised files, and validated installation packages.
