DinodasRAT Malware Targets Linux Servers in Espionage Campaign
Ubuntu systems are being attacked by a Linux version of DinodasRAT (also known as XDealer) that may have been operating since 2022. DinodasRAT creates a hidden file in the directory where its binary resides; the file acts as a mutex to prevent multiple instances from running on the infected device.
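A triage heuristic for the behaviour described above, added here as an example (it is not code from the original report): it lists running executables whose own directory also contains hidden regular files. The page does not name the mutex file, so the script matches any dotfile; the fake `/proc` tree and the `.svc.lock` name are constructed sample data.

```python
import os

def hidden_files_beside_executables(proc_root="/proc"):
    """Map each running executable to the hidden regular files that sit in
    its own directory, plus the PIDs running it. Heuristic, not a verdict."""
    findings = {}
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue  # only numeric entries are processes
        try:
            exe = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or no permission
        # A binary unlinked after launch is reported as "<path> (deleted)".
        if exe.endswith(" (deleted)"):
            exe = exe[: -len(" (deleted)")]
        exe_dir = os.path.dirname(exe)
        try:
            names = os.listdir(exe_dir)
        except OSError:
            continue
        hidden = sorted(n for n in names if n.startswith(".")
                        and os.path.isfile(os.path.join(exe_dir, n)))
        if hidden:
            rec = findings.setdefault(exe, {"pids": [], "hidden": hidden})
            rec["pids"].append(int(entry))
    return findings

def build_constructed_proc(base):
    """Constructed sample: a fake /proc with two processes; only PID 101
    runs from a directory that also contains a hidden file."""
    layout = {"101": ("opt/svc", "svc", [".svc.lock"]),
              "202": ("usr/bin", "tool", [])}
    proc = os.path.join(base, "proc")
    for pid, (subdir, name, dotfiles) in layout.items():
        bindir = os.path.join(base, subdir)
        os.makedirs(bindir, exist_ok=True)
        exe = os.path.join(bindir, name)
        for path in [exe] + [os.path.join(bindir, f) for f in dotfiles]:
            open(path, "w").close()
        os.makedirs(os.path.join(proc, pid))
        os.symlink(exe, os.path.join(proc, pid, "exe"))
    return proc

if __name__ == "__main__":
    for exe, rec in hidden_files_beside_executables().items():
        print(exe, rec["pids"], rec["hidden"])
```

Run as root so that `/proc/<pid>/exe` is readable for every process; hits are leads to review against the report's IOCs, since legitimate software also keeps dotfiles next to its binaries.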
ESET assesses with medium confidence that a cyberespionage campaign targeting a Guyana government entity is linked to a China-aligned threat actor. Initial infection was through spearphishing emails. ESET detailed the use of a new C++ backdoor dubbed DinodasRAT used for C2, with the exfiltrated data encrypted using the Tiny Encryption Algorithm (TEA). The threat actors also deployed Korplug. IOCs are provided. Link: https://www.welivesecurity.com/en/eset-research/operation-jacana-spying-guyana-entity/