World's most popular operating system threatened by new form of malware

Security researchers have said that what was once thought of as a variant of another malware has been identified as a 'new type altogether'.

Hacking groups have been using a piece of weaponized code for nearly 10 years to access both Windows and Linux operating systems, and now security researchers have discovered it is not a variant of other malware but its own individual entity.

A new report published by Trend Micro has outlined a go-to form of malware used by Chinese-state-sponsored hacking groups such as Iron Tiger and Calypso. The piece of malware is believed to have been used since at least 2016, and was originally thought to be a variant of other famous malware such as Gh0st RAT and Rekoobe. Trend Micro reports the new malware isn't a variant of the aforementioned malware, but a "new type altogether".

The publication suspects it's currently being used by many Chinese hacking groups performing espionage or cybercrime, and it has been dubbed "Noodle RAT". The new form of malware has been confirmed on both Windows and Linux machines, with some instances dating back as far as July 2016.

Multiple reports of attacks that used Noodle RAT have been popping up since 2018, but, unfortunately, they were misclassified due to the Windows version of Noodle RAT using plugins that were also used by Gh0st RAT, and the Linux version having overlap with the Rekoobe malware.

"Despite its long history, Noodle RAT has not been properly classified until recently. Since 2018, multiple reports have been published about attacks involving Noodle RAT, but back then, this ELF backdoor was inadvertently identified as different malware families. For instance, NCC Group released a report on a variant of Gh0st RAT used by Iron Tiger in 2018.

"Talos released a report on an ELF backdoor used by Rocke (aka Iron Cybercrime Group) in 2018. Sophos released a report on a Linux version of the Gh0st RAT variant used in the Cloud Snooper Campaign in 2018. Positive Technology Security released a report on Calypso RAT used by Calypso APT in 2019. Upon analysis, we discovered that the ELF backdoor mentioned in these reports was actually Noodle RAT," writes Trend Micro.

More specifically, the Windows and Linux versions, while different, share very similar capabilities, such as uploading and downloading files, running additional malware, working as a TCP proxy, and more. Furthermore, both versions of the Noodle RAT malware share identical code for command-and-control (C2) communications.

"Noodle RAT is likely shared (or for sale) among Chinese-speaking groups," Trend Micro said. "Noodle RAT has been misclassified and underrated for years."

NEWS SOURCE: techradar.com

Jak joined the TweakTown team in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms. Instead of typical FPS, Jak holds a very special spot in his heart for RTS games.
