Key Findings Researchers discovered QLNX, a previously undocumented Linux remote access trojan targeting developers and DevOps environments The malware operates entirely from memory using memfd_create to avoid disk detection QLNX includes embedded C source code for PAM backdoors and LD_PRELOAD rootkits that dynamically compile on target systems The implant supports 58 command handlers including keylogging, credential theft, SSH lateral movement, and eBPF-based hiding Communic