Quasar Linux RAT Targets Developers with Advanced Fileless Attacks

Severity: High (Score: 66.5)

Sources: Cybersecuritynews, Gbhackers

Published: 2026-05-27 · Updated: 2026-05-27

Keywords: linux, quasar, developers, fileless, attacks, qlnx, software

Severity indicators: ot, rootkit, rat, fileless

Summary

Quasar Linux (QLNX) is a newly identified Remote Access Trojan that specifically targets software developers and DevOps engineers. It combines fileless execution, an eBPF rootkit, and PAM backdoors to infiltrate systems, which makes detection challenging for traditional security measures. The malware operates primarily in memory and avoids on-disk files, which are a common detection vector. Its peer-to-peer command and control (C2) mesh further complicates mitigation efforts. The attacks reflect a growing trend of targeting the software supply chain and pose significant risks to organizations reliant on Linux systems. Current reports indicate that the malware is actively being used in attacks, emphasizing the need for heightened security awareness among affected professionals.

Key Points:

  • Quasar Linux (QLNX) targets developers and DevOps with advanced fileless techniques.
  • The malware uses an eBPF rootkit and PAM backdoors to evade detection.
  • Active exploitation of QLNX highlights significant risks to the software supply chain.

Detailed Analysis

**Impact**

Software developers and DevOps engineers are the primary targets of this campaign, with workstations compromised to serve as footholds for software supply-chain attacks. The malware’s focus on developer environments increases the risk of widespread downstream impact on software integrity and distribution. No specific geographic regions or numbers of affected entities are provided.

**Technical Details**

Quasar Linux (QLNX) employs fileless execution techniques, running almost entirely in memory to evade detection. It uses an eBPF rootkit and PAM backdoors to maintain persistence and stealth, alongside a peer-to-peer command and control (C2) mesh network. The malware is unrelated to the Windows-based QuasarRAT family. No CVEs or specific IOCs are disclosed in the articles.

**Recommended Response**

Defenders should prioritize monitoring for unusual eBPF activity and PAM configuration changes indicative of backdoor installation. Memory-based detection tools and network traffic analysis for P2P C2 communications should be enhanced. No patch or CVE mitigation details are available; therefore, focus should be on behavioral detection and hardening developer and DevOps workstation environments.
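
One way to implement the PAM configuration monitoring recommended above, as an added example rather than code from the source articles: it diffs a PAM service file against a known-good baseline and states why each new rule deserves review. The sample files, module names, paths and the `STANDARD_DIRS` list are constructed assumptions, not QLNX indicators.

```python
import re

# Directories PAM modules normally load from (assumption: adjust per distro).
STANDARD_DIRS = ("/lib/security/", "/lib64/security/", "/usr/lib/security/",
                 "/usr/lib64/security/", "/usr/lib/x86_64-linux-gnu/security/")
# PAM rule: [-]type  control|[bracketed control]  module-path  [args]
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample: /etc/pam.d/sshd as captured at provisioning time.
BASELINE = """\
auth      required    pam_env.so
auth      required    pam_unix.so nullok
account   required    pam_unix.so
session   required    pam_limits.so
"""
# Constructed sample: the same file later; added modules and paths are hypothetical.
CURRENT = """\
auth      required    pam_env.so
auth      sufficient  /usr/local/lib/pam_hypothetical.so
auth      required    pam_unix.so nullok
account   required    pam_unix.so
session   optional    pam_exec.so quiet /tmp/hypothetical.sh
"""

def parse_pam(text):
    """Parse PAM config text into (type, control, module, args) tuples."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()             # drop comments
        parts = line.split()
        if len(parts) == 2 and parts[0] == "@include":
            rules.append(("@include", "", parts[1], ""))
        elif (m := RULE.match(line)):
            rules.append((m[1], m[2], m[3], " ".join(m[4].split())))
    return rules

def audit(baseline, current):
    """Return (rule, reasons) for each rule in current that baseline lacks."""
    known, findings = set(parse_pam(baseline)), []
    for rule in parse_pam(current):
        if rule in known:
            continue
        kind, control, module, _ = rule
        reasons = ["not in baseline"]
        if module.startswith("/") and not module.startswith(STANDARD_DIRS):
            reasons.append("module outside standard directories")
        if kind == "auth" and control == "sufficient":
            reasons.append("success alone can satisfy authentication")
        if module.endswith("pam_exec.so"):
            reasons.append("runs an external command")
        findings.append((rule, reasons))
    return findings
```

In practice the baseline would be captured from a trusted image for every file under `/etc/pam.d/`, and any finding would be reviewed alongside the ownership and hash of the referenced module file.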

Source articles (2)

  • Quasar RAT Hits Developers With Fileless Linux Attacks — Gbhackers · 2026-05-26
    Quasar Linux (QLNX) is a new, stealthy Linux Remote Access Trojan that quietly turns developer and DevOps workstations into high‑value beachheads for software supply‑chain attacks, using fileless exec…
  • Quasar Linux RAT Targets Developers With Fileless Execution and eBPF Rootkit — Cybersecuritynews · 2026-05-26
    A newly discovered Linux malware known as Quasar Linux, or QLNX, is actively targeting software developers and DevOps engineers with a level of sophistication rarely seen in Linux-focused threats. Unl…

Timeline

  • 2026-05-26 — Quasar Linux RAT discovered: Security researchers identified Quasar Linux, a sophisticated RAT targeting developers with fileless execution methods.
  • 2026-05-26 — Malware details released: Reports detailed the use of an eBPF rootkit and peer-to-peer C2 mesh in Quasar Linux attacks.

Related entities

  • Malware (Attack Type)
  • Supply Chain Attack (Attack Type)
  • Trojan (Attack Type)
  • QLNX (Malware)
  • Quasar Linux (Malware)
  • Quasar Linux RAT (Malware)
  • Quasar RAT (Malware)
  • Linux (Platform)