DinodasRAT Linux variant reportedly overlaps with code and networking indicators of Windows variant, targeting entities across the world: report
According to the latest reports by Kaspersky, a Linux version of DinodasRAT was discovered in early October 2023. DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++.
With the help of DinodasRAT, a threat actor can surveil and harvest sensitive data from a target’s computer. According to earlier reports by ESET researchers, malicious actors used a Windows version of this RAT to attack government entities in Guyana.
According to Kaspersky researchers, the Linux version of DinodasRAT has been in operation since 2022. The first known Linux variant (V7) dates back to 2021, and it hasn’t been publicly described yet.
The code and networking indicators of the Linux DinodasRAT variant overlap with the Windows samples described by ESET. To manage infections, the implant generates a UID from hardware-specific information rather than from user information. This implies that the primary aim of DinodasRAT is to gain and maintain access via Linux servers.
The fully functional backdoor, on the other hand, gives the operator complete control over the infected machine and enables data exfiltration and espionage.
Reports by Kaspersky state that the countries most affected by this threat are China, Taiwan, Turkey, and Uzbekistan. Researchers have been continuously monitoring this threat since October 2023.
All Kaspersky products detect this Linux variant as HEUR:Backdoor.Linux.Dinodas.a.
An analysis by Kaspersky discusses the technical details of one Linux implant used by the attackers.