Quasar Linux RAT (QLNX) — Threat: Developer Credential Theft and Software Supply Chain Compromise

Colleagues, an important cybersecurity alert: a Linux implant named Quasar Linux RAT (QLNX) targeting developer systems has been identified.
Findings:
- QLNX harvests secrets and tokens (e.g. .npmrc, .pypirc, .git-credentials, .aws/credentials, .kube/config, .docker/config.json, .env), intercepts credentials via PAM, records keystrokes and can establish tunnels.
- Evasion and resilience: runs in-memory, masquerades as a system process, employs userland and eBPF rootkit techniques, multiple persistence mechanisms, and log wiping.
Why it matters: compromise of developer accounts enables package tampering and grants access to cloud environments and CI/CD pipelines.
Have you audited your pipelines and tokens?
#cybersecurity #supplychain #DevOps #Linux
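
A starting point for that audit on a developer workstation, as an added example that is not part of the original alert: it inventories the credential files listed above and flags loose permissions, long-unrotated files and plaintext secrets without printing any secret values. The function name, the 90-day rotation window and the marker substrings are assumptions chosen for illustration.

```python
import stat
import time
from pathlib import Path

# Files the alert lists as harvested, mapped to a substring that suggests a
# long-lived secret stored in plaintext (None = any non-empty content counts).
# The marker substrings are illustrative assumptions, not an exhaustive list.
TARGETS = {
    ".npmrc": "_authToken",
    ".pypirc": "password",
    ".git-credentials": "://",
    ".aws/credentials": "aws_secret_access_key",
    ".kube/config": "token:",
    ".docker/config.json": '"auth"',
    ".env": None,
}

def audit_credentials(root, max_age_days=90, now=None):
    """Inventory credential files under root; secret values are never returned."""
    now = time.time() if now is None else now
    findings = []
    for rel, marker in TARGETS.items():
        path = Path(root) / rel
        if not path.is_file():
            continue
        st = path.stat()
        try:
            text = path.read_text(errors="replace")
        except OSError:
            text = ""  # unreadable by the current user; still report metadata
        findings.append({
            "path": rel,
            "mode": oct(stat.S_IMODE(st.st_mode)),
            # Any group/other permission bit lets another local account copy the file.
            "loose_perms": bool(st.st_mode & 0o077),
            # Unchanged for longer than the rotation window (mtime is a hygiene
            # heuristic, not an indicator of compromise).
            "stale": (now - st.st_mtime) > max_age_days * 86400,
            "plaintext_secret": bool(text.strip()) if marker is None else marker in text,
        })
    return findings

if __name__ == "__main__":
    for f in audit_credentials(Path.home()):
        flags = [k for k in ("loose_perms", "stale", "plaintext_secret") if f[k]]
        print(f"{f['path']:<22} {f['mode']:<7} {', '.join(flags) or 'ok'}")
```

Files flagged `stale` or `plaintext_secret` are the first candidates for token rotation or a move to short-lived credentials; run the same function against CI runner home directories and project checkouts to cover `.env` files.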

