VMTech

Quasar Linux RAT (QLNX) — Threat: Developer Credential Theft and Software Supply Chain Compromise

Colleagues, an important cybersecurity alert: a Linux implant named Quasar Linux RAT (QLNX) targeting developer systems has been identified.

Findings:
- QLNX harvests secrets and tokens (e.g. .npmrc, .pypirc, .git-credentials, .aws/credentials, .kube/config, .docker/config.json, .env), intercepts credentials via PAM, records keystrokes and can establish tunnels.
- Evasion and resilience: runs in memory, masquerades as a system process, and uses userland and eBPF rootkit techniques, multiple persistence mechanisms, and log wiping.

Why it matters: compromise of developer accounts enables package tampering and grants access to cloud environments and CI/CD pipelines.

Have you audited your pipelines and tokens?
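
A starting point for that audit, as an added example that is not part of the original post: a Python inventory of the credential files listed above under one home directory, to scope which tokens need rotation and which files are readable beyond their owner. The function names and the constructed sample directory are assumptions of this example.

```python
import os
import stat
import tempfile
import time
from pathlib import Path

# Credential files named in the alert, relative to a user's home directory.
# ".env" is checked only at the top of the home directory in this example.
SECRET_PATHS = [
    ".npmrc", ".pypirc", ".git-credentials", ".aws/credentials",
    ".kube/config", ".docker/config.json", ".env",
]

def audit_home(home):
    """Return one finding per listed credential file that exists under home."""
    findings = []
    for rel in SECRET_PATHS:
        path = Path(home) / rel
        try:
            st = path.stat()
        except OSError:
            continue  # absent or unreadable: nothing to inventory here
        mode = stat.S_IMODE(st.st_mode)
        findings.append({
            "path": rel,
            "mode": oct(mode),
            # Any group/other permission bit set: other local accounts can reach it.
            "loose_perms": bool(mode & 0o077),
            # Days since last modification, a rough proxy for token age.
            "age_days": int((time.time() - st.st_mtime) // 86400),
        })
    return findings

def demo():
    """Build a constructed home directory and audit it (sample data only)."""
    with tempfile.TemporaryDirectory() as home:
        for rel, mode in ((".npmrc", 0o644), (".aws/credentials", 0o600)):
            p = Path(home) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("constructed-placeholder\n")
            os.chmod(p, mode)
        return audit_home(home)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Every file the inventory returns holds a secret that should be rotated if the host is suspected of compromise; strict permissions do not protect a file from an implant running as its owner.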

#cybersecurity #supplychain #DevOps #Linux
