
A Trojan named Krasue targets telecom companies in Thailand

Writer:
Regina El Ahmadieh

A previously unknown #Linux remote access Trojan called Krasue has been observed targeting telecom companies in Thailand by threatening secret access to victims’ networks for rent since 2021.

The name Krasue means “female nocturnal spirit” from Southeast Asian folklore. This virus is able to hide its presence during the initialization phase.

The initial vector used to distribute the Krasue Trojan is suspected to be the exploitation of #vulnerabilities, credential brute force attacks, or a download as part of a fake software package or binary. The basic functions of the malware are also achieved through a rootkit that allows it to maintain persistence on the host without attracting any attention.

This has increased the possibility of Krasue being deployed as part of a botnet or sold via intermediaries to other #cybercriminals, such as ransomware affiliates, looking to reach a specific target.

Krasue uses RTSP (Real Time Streaming Protocol) messages to act as a “ping”.

Command and Control (C2) communications of the Trojan also allow it to set the connected IP address as the main C2 server, obtain information about the malware, and even terminate itself.

Krasue also shares many similarities in source code with another Linux malware called XorDdos, suggesting that it was developed by the same author as the latter, or by actors who gained access to its source code.

Source: The Hacker News

Edited by: Cyberax
