
New Quasar Linux RAT Targets Developer Credentials to Facilitate Software Supply Chain Attacks

A newly discovered Linux-based Remote Access Trojan named Quasar Linux RAT (QLNX) is targeting developers and DevOps environments to steal credentials and maintain persistent access. The RAT supports multiple malicious functions including keylogging, clipboard monitoring, file manipulation, and network tunneling, all aimed at facilitating software supply chain compromises.

What happened

Researchers have uncovered a previously undocumented Linux implant dubbed Quasar Linux RAT (QLNX), which specifically targets developer systems. Once installed, the malware establishes a silent and persistent presence that allows attackers to exfiltrate sensitive information and control the compromised systems remotely. The implant focuses on harvesting credentials linked to developers and DevOps personnel within software supply chains. It also carries out activities such as keylogging, clipboard data monitoring, modifying files, and creating network tunnels.

Why it matters

Developers and DevOps teams play a critical role in software supply chains, making their credentials highly valuable for attackers seeking to infiltrate software production environments. By compromising these accounts, attackers can manipulate software builds, insert malicious code, or gain deeper access to organizational networks. The discovery of QLNX highlights ongoing threats targeting Linux environments within development contexts, emphasizing the need for vigilance around developer credential security.

What security teams should do

Security teams should prioritize monitoring for unusual activity on developer workstations and Linux systems, especially those involved in DevOps or software build processes. Reviewing access logs for atypical credential usage and investigating signs of keylogging or clipboard interception can help detect early stages of compromise. Organizations should also verify the integrity of software build environments and enforce strong credential hygiene policies. Applying endpoint detection solutions capable of identifying RAT behaviors on Linux can enhance defense.
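One way to review access logs for atypical credential usage, as an added example that is not from the original article or the QLNX disclosure: it parses auditd records and flags reads of watched credential files by binaries outside an allowlist. The watch key `dev-creds`, the credential file paths, and the allowlist are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Hypothetical allowlist: binaries expected to read developer credential files.
EXPECTED_READERS = {"/usr/bin/ssh", "/usr/bin/git", "/usr/bin/aws", "/usr/bin/npm"}
WATCH_KEY = "dev-creds"  # assumed key set on the auditd watch rules

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records in auditd's log format (not taken from any real host).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1779132000.101:801): arch=c000003e syscall=257 success=yes exit=3 pid=4120 uid=1000 comm="ssh" exe="/usr/bin/ssh" key="dev-creds"
type=PATH msg=audit(1779132000.101:801): item=0 name="/home/dev/.ssh/id_ed25519" nametype=NORMAL
type=SYSCALL msg=audit(1779132044.555:802): arch=c000003e syscall=257 success=yes exit=5 pid=4377 uid=1000 comm="helper" exe="/home/dev/.cache/helper" key="dev-creds"
type=PATH msg=audit(1779132044.555:802): item=0 name="/home/dev/.aws/credentials" nametype=NORMAL
type=SYSCALL msg=audit(1779132050.010:803): arch=c000003e syscall=257 success=yes exit=4 pid=4390 uid=1000 comm="vim" exe="/usr/bin/vim" key="editor"
type=PATH msg=audit(1779132050.010:803): item=0 name="/home/dev/notes.txt" nametype=NORMAL
"""

def parse_events(log_text):
    """Group audit records by event serial; merge SYSCALL fields and PATH names."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue  # skip malformed or non-audit lines
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        event = events[m.group(2)]
        if fields.get("type") == "SYSCALL":
            event.update(exe=fields.get("exe"), pid=fields.get("pid"), key=fields.get("key"))
        elif fields.get("type") == "PATH" and "name" in fields:
            event["paths"].append(fields["name"])
    return events

def unexpected_credential_reads(log_text, allowed=EXPECTED_READERS):
    """Return (serial, exe, path) for watched-file reads by binaries outside the allowlist."""
    hits = []
    for serial, ev in sorted(parse_events(log_text).items()):
        if ev.get("key") == WATCH_KEY and ev.get("exe") not in allowed:
            hits.extend((serial, ev.get("exe"), p) for p in ev["paths"])
    return hits

if __name__ == "__main__":
    for hit in unexpected_credential_reads(SAMPLE_LOG):
        print(hit)
```

The allowlist needs tuning per workstation; IDEs, credential helpers, and backup agents legitimately read these files and will otherwise show up as hits.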

Key technical details

Quasar Linux RAT (QLNX) is a Remote Access Trojan that supports extensive post-compromise functionality tailored for stealthy persistence and data exfiltration on Linux hosts. Its capabilities include credential harvesting, capturing keystrokes, monitoring clipboard contents, manipulating files on the infected system, and establishing network tunnels for covert communications. The implant is designed specifically to target developer and DevOps credentials, facilitating software supply chain attacks by enabling attackers to remain undetected while controlling compromised systems.

Affected organizations/products

The implant targets developer and DevOps systems operating in software supply chain environments on the Linux platform. No specific organizations or products have been publicly identified as victims in the initial disclosure.

Source attribution

https://thehackernews.com/2026/05/quasar-linux-rat-steals-developer.html

Written by Thirumala Rao Padilam