Piece of news of the day
ADVANCED SECURITY EUROPA EOOD
Unveiling Quasar Linux: The Stealthy Threat Targeting Developers' Systems
06 May 2026
Researchers at Trend Micro have discovered a new Linux implant called Quasar Linux (QLNX) that targets developers' systems with rootkit, backdoor, and credential-stealing capabilities.
This malware is being deployed in development and DevOps environments through platforms like npm, PyPI, GitHub, AWS, Docker, and Kubernetes.
QLNX is designed for stealth and persistence, using various techniques to ensure it loads into every dynamically linked process and respawns if killed.
The malware features multiple functional blocks including a RAT core, rootkit, credential access layer, surveillance module, networking and lateral movement capabilities, execution and injection engine, and filesystem monitoring.
By targeting developer workstations, attackers can gain access to valuable credentials for software delivery pipelines.
Trend Micro has provided indicators of compromise to help defenders detect and protect against QLNX infections.

