Malware Spotlight: Linodas aka DinodasRAT for Linux
A Chinese-nexus cyber espionage threat actor is focusing on Southeast Asia, Africa, and South America, aligning with insights on the threat actor Earth Krahang. The actor uses a cross-platform backdoor, DinodasRAT (aka XDealer), linking it to the Chinese actor LuoYu. While the Windows version has been analyzed, the Linux version has not. Here we analyze Linux version 11 of DinodasRAT, called Linodas. It adds Linux-specific capabilities such as reverse shells and log monitoring. The latest version hides the malware via a module that proxies/modifies system binaries. Linodas shows continued targeting of Linux servers as pivot points in networks.