China, Turkey, Taiwan, and Uzbekistan have been targeted with attacks deploying a Linux variant of the C++-based DinodosRAT malware since October, according to The Hacker News.
Aside from conducting file operations and command-and-control address modifications, DinodasRAT has also been enabling running process enumeration and termination, shell command execution, updated backdoor downloads, and self-uninstallation while leveraging the Tiny Encryption Algorithm to conceal malicious activity, a report from Kaspersky revealed.
"DinodasRAT's primary use case is to gain and maintain access via Linux servers rather than reconnaissance. The backdoor is fully functional, granting the operator complete control over the infected machine, enabling data exfiltration and espionage," said Kaspersky.
Such findings come after global attacks with DinodasRAT were reported to have been conducted by China-linked advanced persistent threat operation Earth Krahang against numerous government organizations. Intrusions with the Windows version of DinodasRAT had also been launched against a Guyana-based government entity in October, according to ESET.