Stealthy Linux rootkit found in the wild after going undetected for 2 years

siteadmin December 8, 2023

A Linux remote access trojan, named “Krasue” by researchers at Group-IB, remained undetected for two years while infecting telecommunication companies. The malware has been active in Thailand since 2020 and has operated largely undetected. It utilises several embedded rootkits, targeting network-related functions to disguise its activities, and uses RTSP messages to maintain a disguised, constant communication link. It is suspected that Krasue could be deployed as part of a botnet or sold to cybercriminals by initial access brokers.