Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence

Security Affairs
Actively Exploited

Overview

Researchers have discovered a new piece of malware called Quasar Linux RAT (QLNX), which is specifically designed to target developers and DevOps environments. This remote access tool (RAT) can steal sensitive information such as credentials, log keystrokes, and monitor clipboard activity. It also allows attackers to manipulate files and create network tunnels for ongoing access. The stealthy nature of QLNX makes it particularly concerning, as it can operate without leaving traditional traces on the system. This incident highlights the risks developers face and emphasizes the importance of securing development environments against such targeted attacks.

Key Takeaways

  • Active Exploitation: This malware is being actively used by attackers. Immediate action is recommended.
  • Affected Systems: Linux operating systems, specifically those used in development and DevOps environments.
  • Action Required: Implement security best practices, such as regular updates, monitoring for unusual activity, and using endpoint protection solutions.
  • Timeline: Newly disclosed

Original Article Summary

Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security researchers discovered a previously undocumented Linux malware called Quasar Linux RAT (QLNX) that targets developers and DevOps environments. The malicious code can steal credentials, log keystrokes, manipulate files, monitor clipboard activity, and create network tunnels […]

Impact

Linux operating systems, specifically those used in development and DevOps environments.

Exploitation Status

This malware is confirmed to be actively used by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Implement security best practices, such as regular updates, monitoring for unusual activity, and using endpoint protection solutions.

Related Topics: This incident relates to Linux, Malware.

Related Coverage

Security Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

The Security Affairs newsletter has issued its latest edition, which includes a focus on the Quasar Linux RAT (QLNX), a fileless Linux implant designed for stealth and persistence. This malware allows attackers to remotely access and control infected systems without leaving traditional traces, making detection difficult. The article emphasizes the importance of awareness around such threats, as they can compromise sensitive data and disrupt operations for individuals and organizations using Linux systems. Users and administrators are urged to implement strong security measures to defend against these types of attacks.

May 10, 2026

Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! - SWN #579

SCM feed for Latest

The article discusses several cybersecurity topics, including new vulnerabilities and incidents. Notably, it mentions a zero-day exploit affecting Canvas, a learning management system used by educational institutions. This vulnerability could allow attackers to execute unauthorized code, putting sensitive student data at risk. Additionally, it highlights the QuasarRat malware, which has been observed in the wild, targeting various systems. The article also touches on compliance issues faced by companies like Anthropic regarding EU regulations, which can impact their operations. Overall, these developments serve as a reminder for organizations to stay vigilant and update their security measures regularly to protect against evolving threats.

May 8, 2026

Fake macOS Troubleshooting Sites Used to Steal iCloud Data in ClickFix Scam

Hackread – Cybersecurity News, Data Breaches, AI and More

Microsoft researchers have identified a new scam called ClickFix that targets macOS users. Attackers are creating fake troubleshooting guides on platforms like Medium and Craft, tricking users into executing Terminal commands that deploy malicious software known as AMOS and SHub Stealer. This malware is designed to steal iCloud data, which can lead to significant personal and financial loss for affected users. The campaign highlights the need for vigilance among macOS users, as these deceptive tactics can easily lure unsuspecting individuals into compromising their personal information. Awareness and skepticism towards unsolicited troubleshooting advice are crucial in protecting one's digital assets.

May 8, 2026

ShinyHunters Claims Second Attack Against Instructure

darkreading

Instructure, the edtech company known for its learning management systems, is facing a serious cybersecurity incident as the hacker group ShinyHunters claims responsibility for a second attack. This breach reportedly puts personally identifiable information (PII) of hundreds of millions of users at risk. The company is currently struggling to regain control and secure its systems from these hackers. The implications of this breach are significant, as it could lead to identity theft and other forms of exploitation for affected individuals. As the situation unfolds, users and institutions relying on Instructure's services need to stay vigilant about their data security.

May 8, 2026

'Dirty Frag' Linux zero-day exposes most distributions to LPE

SCM feed for Latest

A newly discovered zero-day vulnerability, dubbed 'Dirty Frag', affects most Linux distributions and allows attackers to escalate their privileges to root level. This means that a malicious actor could gain full control over a compromised system, putting sensitive data and operations at risk. The vulnerability is particularly concerning because it impacts a wide range of systems, making it a significant threat for both individual users and organizations that rely on Linux. Researchers are urging users and system administrators to take immediate action to secure their systems. The exact details of how this vulnerability can be exploited are still being analyzed, but the potential for active exploitation is high, prompting a call for swift remediation efforts.

May 8, 2026

Australian organizations warned of Vidar Stealer malware campaign using ClickFix technique

SCM feed for Latest

The Australian Cyber Security Centre (ACSC) has alerted organizations about a new campaign distributing the Vidar Stealer malware through a method known as ClickFix. This technique employs social engineering tactics to trick users into downloading the malware, which is designed to steal sensitive information. The warning comes amidst growing concerns over the effectiveness of such tactics in infiltrating networks. Organizations in Australia need to be particularly vigilant as this campaign targets them directly, emphasizing the importance of user education and robust security practices. Failure to address these threats could lead to significant data breaches and financial losses.

May 8, 2026