Unveiling the New Linux Version of DinodasRAT: A Threat to Cybersecurity

Discover the latest threat posed by the new Linux version of DinodasRAT, a multi-platform backdoor allowing malicious actors to surveil and harvest sensitive data. Learn about its targets, persistence methods, communication protocols, and affected regions.

New Linux Version of DinodasRAT Discovered

Kaspersky has identified a new Linux version of DinodasRAT, also known as XDealer. This multi-platform backdoor poses a significant threat because it allows malicious actors to surveil a target’s computer and harvest sensitive data from it.

The Linux version of DinodasRAT targets Red Hat-based distributions and Ubuntu Linux. When executed, it creates a hidden file in the same directory as the executable, which ensures that only one instance runs at a time. The backdoor establishes persistence by launching itself as a daemon and installing a suitable init script for either Systemd or SystemV.
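A triage heuristic built from the two behaviours described above (a hidden file beside the executable and a Systemd init script), as an added example that is not taken from Kaspersky's analysis or from the original page. The function names and the sample tree, including the file name `.svc.lock`, are constructed for illustration and are not indicators of compromise; the sketch covers Systemd `.service` units only, not SystemV scripts.

```python
import tempfile
from pathlib import Path

def exec_paths(unit_text):
    """Absolute binary paths named on ExecStart= lines of a systemd unit."""
    paths = []
    for line in unit_text.splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip() != "ExecStart" or not value.strip():
            continue
        # systemd permits prefix characters such as '-', '@', '+', '!' before the path
        first = value.split()[0].lstrip("-@+!:")
        if first.startswith("/"):
            paths.append(Path(first))
    return paths

def hidden_siblings(binary, root=Path("/")):
    """Names of hidden regular files in the directory that holds the binary."""
    directory = root / binary.parent.relative_to("/")
    if not directory.is_dir():
        return []
    return sorted(p.name for p in directory.iterdir()
                  if p.name.startswith(".") and p.is_file())

def audit(unit_dirs, root=Path("/")):
    """Map unit name -> (binary, hidden siblings) for services worth a manual look."""
    findings = {}
    for unit_dir in unit_dirs:
        for unit in sorted(u for u in Path(unit_dir).glob("*.service") if u.is_file()):
            for binary in exec_paths(unit.read_text(errors="replace")):
                dotfiles = hidden_siblings(binary, root)
                if dotfiles:
                    findings[unit.name] = (str(binary), dotfiles)
    return findings

def demo():
    """Constructed tree: one ordinary service, one with a dotfile beside its binary."""
    root = Path(tempfile.mkdtemp())
    units = root / "etc/systemd/system"
    for d in (units, root / "usr/sbin", root / "opt/app"):
        d.mkdir(parents=True)
    for f in ("usr/sbin/sshd", "opt/app/svc", "opt/app/.svc.lock"):  # constructed names
        (root / f).touch()
    (units / "ssh.service").write_text("[Service]\nExecStart=/usr/sbin/sshd -D\n")
    (units / "app.service").write_text("[Service]\nExecStart=-/opt/app/svc\n")
    return audit([units], root)

if __name__ == "__main__":
    print(demo())
```

On a real host, call `audit(["/etc/systemd/system", "/usr/lib/systemd/system"])`; a hit is a lead for manual review, since legitimate software can also keep dotfiles next to its binaries.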

Before connecting to the C2 server, the backdoor collects information about the infected machine and infection time to create a unique identifier. This identifier includes the date of infection, MD5 hash of the dmidecode command output, a randomly generated number as ID, and the backdoor version. Notably, user-specific data is not collected to generate this UID.

The backdoor communicates with the C2 server over TCP or UDP, with the C2 domain and port hard-coded into the binary. DinodasRAT uses Pidgin’s libqq qq_crypt library functions to encrypt and decrypt both the traffic between the implant and the C2 and its data.

The infrastructure supporting the Linux versions of DinodasRAT was found to be operational at the time of analysis. Countries and territories most affected by this threat include China, Taiwan, Turkey, and Uzbekistan.

For more information on backdoors, DinodasRAT, Linux, malware, and related topics, refer to the glossary provided by Securelist. Stay informed and protected against evolving cyber threats.

