top of page
ALL POSTS
JDownloader's Official Site Distributes Malware to Windows and Linux Users in Major Supply Chain Attack
Key Findings JDownloader's official website was compromised between May 6-7, 2026, serving malicious installers to Windows and Linux users instead of legitimate software Attackers deployed a Python-based remote access trojan (RAT) that gave them remote control over infected systems, with an 8-minute execution delay The breach was limited to the Windows "Alternative Installer" and Linux shell installer; macOS, in-app updates, and package managers remained unaffected Attackers
May 103 min read
Quasar Linux RAT (QLNX): A Fileless Implant Targeting Supply Chain with Stealth and Persistence
Key Findings Researchers discovered QLNX, a previously undocumented Linux remote access trojan targeting developers and DevOps environments The malware operates entirely from memory using memfd_create to avoid disk detection QLNX includes embedded C source code for PAM backdoors and LD_PRELOAD rootkits that dynamically compile on target systems The implant supports 58 command handlers including keylogging, credential theft, SSH lateral movement, and eBPF-based hiding Communic
May 94 min read
Harvester Deploys Linux GoGra Backdoor Across South Asia via Microsoft Graph API
Key Findings Harvester APT group deployed a new Linux variant of GoGra backdoor targeting South Asia, with samples linked to India and Afghanistan Malware abuses Microsoft Graph API and Outlook mailboxes as covert command-and-control infrastructure, bypassing traditional network defenses Linux and Windows versions share nearly identical code and identical developer mistakes, indicating same development team Attack chain uses social engineering to distribute ELF binaries disgu
Apr 233 min read
bottom of page
