Cybersecurity firm Group-IB reveals the discovery of a new Linux Remote Access Trojan (RAT) named “Krasue,” utilized by cybercriminals to maintain covert access to the networks of targeted companies in Thailand since 2021.
What you should know
- Krasue Overview: Group-IB identifies Krasue as a Linux RAT that has exclusively targeted Thai companies and has remained under the radar since 2021, with potential use in other sectors.
- Functionality and Detection: Krasue’s core functionality is maintaining access to the network. The malware enters systems through various vectors such as vulnerability exploitation, credential attacks, or deceptive downloads, and evades detection during initialization.
- Rootkit and Code Similarities: Krasue employs a rootkit built as a Linux Kernel Module (LKM), based on existing LKM rootkits. Notably, it shares similarities with XorDdos, suggesting a common author or access to XorDdos’ source code.
- Communication Strategy: Krasue uses the Real Time Streaming Protocol (RTSP) to communicate with its command and control server. RTSP is uncommon for command and control traffic, which potentially aids evasion.
Group-IB’s discovery of the sophisticated Linux RAT, Krasue, underscores the ongoing challenges of cyber threats. The firm’s swift response and collaboration with ThaiCERT and TTC-CERT highlight the importance of proactive cybersecurity measures.



