top of page
ALL POSTS
Quasar Linux RAT (QLNX): A Fileless Implant Targeting Supply Chain with Stealth and Persistence
Key Findings Researchers discovered QLNX, a previously undocumented Linux remote access trojan targeting developers and DevOps environments The malware operates entirely from memory using memfd_create to avoid disk detection QLNX includes embedded C source code for PAM backdoors and LD_PRELOAD rootkits that dynamically compile on target systems The implant supports 58 command handlers including keylogging, credential theft, SSH lateral movement, and eBPF-based hiding Communic
May 94 min read
GlassWorm Campaign Exploits 72 VSX Extensions in Developer Supply-Chain Attack
Key Findings * GlassWorm campaign identified targeting developers through 72 malicious Open VSX extensions * Uses sophisticated supply-chain attack technique exploiting extension dependencies * Targets development environments to steal secrets and compromise systems * Employs advanced obfuscation and evasion techniques * Spans multiple platforms including Open VSX, GitHub, and npm registries Background The GlassWorm campaign represents an evolving threat in software supply ch
Mar 152 min read
bottom of page
