Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms

siteadmin December 7, 2023

A sophisticated Linux Remote Access Trojan (RAT), dubbed Krasue, has been operating undetected for almost two years, primarily targeting organisations in Thailand’s telecom sector. Group-IB, which discovered Krasue, believes that it is linked to the creators of the XorDdos Linux Trojan. The RAT uses stealth techniques such as rootkit embedding, Real Time Streaming Protocol (RTSP) messages and UPX packing to remain unnoticed. The malware works to maintain access to the infected host and could be part of a botnet or sold to other cybercriminals.