{"id":236565,"date":"2026-05-05T23:14:53","date_gmt":"2026-05-06T04:14:53","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/05\/new-stealthy-quasar-linux-malware-targets-software-developers"},"modified":"2026-05-05T23:14:53","modified_gmt":"2026-05-06T04:14:53","slug":"new-stealthy-quasar-linux-malware-targets-software-developers","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/05\/new-stealthy-quasar-linux-malware-targets-software-developers","title":{"rendered":"New stealthy Quasar Linux malware targets software developers"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/new-stealthy-quasar-linux-malware-targets-software-developers2.jpg\"><\/a><\/p>\n<p>A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers\u2019 systems with a mix of rootkit, backdoor, and credential-stealing capabilities.<\/p>\n<p>The malware kit is deployed in development and DevOps environments in npm, PyPI, GitHub, AWS, Docker, and Kubernetes. This could enable supply-chain attacks where the threat actor publishes malicious packages on code distribution platforms.<\/p>\n<p>Researchers at cybersecurity company Trend Micro analyzed the QLNX implant and found that \u201cit dynamically compiles rootkit shared objects and PAM backdoor modules on the target host using gcc [GNU Compiler Collection].\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers\u2019 systems with a mix of rootkit, backdoor, and credential-stealing capabilities. The malware kit is deployed in development and DevOps environments in npm, PyPI, GitHub, AWS, Docker, and Kubernetes. This could enable supply-chain attacks where the threat actor publishes malicious packages on code distribution [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,8],"tags":[],"class_list":["post-236565","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-space"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/236565","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=236565"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/236565\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=236565"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=236565"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=236565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}