Cyber-Espionage Campaign Targets Linux Systems with New RAT

Cyber Security News by CyberSum.net

Published on October 23, 2025 at 09:00 PM

3 sources

A cyber-espionage campaign aimed at government entities running Linux systems has been uncovered. The activity, attributed to a group known as TransparentTribe, involves a new remote access tool (RAT) called DeskRAT. The campaign began in June 2025 and primarily targeted systems running a specific Linux distribution endorsed by the government. Phishing emails were used to deliver malicious ZIP archives containing deceptive documents referencing defense matters and regional unrest. The final payload, DeskRAT, is capable of establishing command-and-control communications, uploading and executing files remotely, and maintaining persistence through multiple Linux-specific techniques.

Also Read

Vidar 2.0 Infostealer Upgrade: Faster, More Evasive

Vidar 2.0, an upgraded version of the Vidar infostealer, has emerged with enhanced capabilities. The new version features a multithreaded architecture for faster data exfiltration and improved evasion techniques. Rewritten in C, Vidar 2.0 introduces new browser credential extraction methods and an automatic polymorphic builder to generate unique binary signatures. The upgrade coincides with a decline in Lumma Stealer activity, leading to increased adoption of Vidar 2.0. The malware targets a wide range of credentials and data sources, including browsers, cryptocurrency wallets, and cloud tokens. Its advanced evasion strategies make it a significant threat, requiring heightened vigilance from security teams.

By Cyber Security News by CyberSum.netOctober 23, 2025 at 03:00 PM