New stealthy Quasar Linux malware targets software developers
New stealthy Quasar Linux malware targets software developers
Publish Date: 2026-05-05 18:01:39
Source Domain: www.bleepingcomputer.com
Summary:
The previously undocumented Quasar Linux (QLNX) implant targets developers’ systems to execute advanced rootkit, backdoor, and credential-stealing tasks. Deployed through various development and DevOps platforms like npm, PyPI, GitHub, and AWS, this stealthy malware allows for possible supply-chain attacks. Researchers from Trend Micro noted that it dynamically compiles rootkits and PAM backdoors to maintain stealth and long-term persistence within systems. QLNX uses sophisticated persistence mechanisms, including the LD_PRELOAD method, systemd, and XDG autostart, among others. It features a comprehensive array of tools within multiple components, such as a central remote access tool (RAT), a stealthy rootkit dual-layer setup, surveillance modules – The generated text has been blocked by our content filters.
