{"id":242355,"date":"2026-05-09T09:13:00","date_gmt":"2026-05-09T13:13:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/09\/quasar-linux-rat-qlnx-a-fileless-linux-implant-built-for-stealth-and-persistence\/"},"modified":"2026-05-09T10:40:09","modified_gmt":"2026-05-09T14:40:09","slug":"quasar-linux-rat-qlnx-a-fileless-linux-implant-built-for-stealth-and-persistence","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/09\/quasar-linux-rat-qlnx-a-fileless-linux-implant-built-for-stealth-and-persistence\/","title":{"rendered":"Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence"},"content":{"rendered":"

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence<\/a><\/p>\n

https:\/\/securityaffairs.com\/191898\/malware\/quasar-linux-rat-qlnx-a-fileless-linux-implant-built-for-stealth-and-persistence.html<\/a><\/p>\n

Publish Date: 2026-05-09 09:13:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ May 09, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access.<\/h2>\n

Security researchers discovered a previously undocumented Linux malware called Quasar Linux RAT (QLNX) that targets developers and DevOps environments. The malicious code can steal credentials, log keystrokes, manipulate files, monitor clipboard activity, and create network tunnels for remote access. Experts warn it poses a serious supply chain risk by targeting systems used in software development workflows.<\/p>\n

\u201cQuasar Linux RAT (QLNX) is a comprehensive Linux implant that combines remote access capabilities with advanced evasion, persistence, keylogging, and credential harvesting features. The malware carries embedded C source code for both its PAM backdoor and LD_PRELOAD rootkit as string literals within the binary.\u201d reads the report published by Trend Micro. \u201cIt dynamically compiles rootkit shared objects and PAM backdoor modules on the target host using\u00a0gcc, then deploys them via\u00a0\/etc\/ld.so.preload\u00a0for system-wide interception.\u201d<\/p>\n

QLNX is a powerful Linux remote access trojan that runs directly from memory to avoid detection, hides its activity using eBPF, wipes logs, and checks whether it is running inside containerized environments. It collects extensive information, including system details, clipboard data, shell history, SSH keys, Firefox profiles, and credentials through a malicious PAM module. <\/p>\n

\"\"<\/p>\n

QLNX communicates with attackers through encrypted channels and supports a wide range of commands, including remote shell access, file management, code injection, screenshot capture, keylogging, SOCKS proxies, and network tunneling. The malware also includes several persistence methods, allowing it to survive reboots and…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence https:\/\/securityaffairs.com\/191898\/malware\/quasar-linux-rat-qlnx-a-fileless-linux-implant-built-for-stealth-and-persistence.html Publish…<\/p>\n","protected":false},"author":1,"featured_media":242356,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-26.png","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[71,32,57],"class_list":["post-242355","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-linux","tag-malware","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/242355"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=242355"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/242355\/revisions"}],"predecessor-version":[{"id":242358,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/242355\/revisions\/242358"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/242356"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=242355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=242355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=242355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}