Hackers Actively Using Pupy RAT to Attack Linux Systems

Recent campaigns in Asia show an uptick in attacks targeting Linux systems, leveraging the notorious Pupy Remote Access Trojan (RAT).

This malware, known for its versatility and stealth, has been employed by various threat actors to infiltrate and exploit systems, posing a significant risk to individual and organizational cybersecurity.

The Rise of Pupy RAT in Asia

Pupy RAT, a multifunctional malware, has been a tool of choice for cybercriminals due to its wide range of capabilities.

It allows attackers to perform numerous malicious activities, including file upload/download, remote command execution, information theft, keylogging, and screenshot capture.

While Pupy RAT has historically targeted both Windows and Linux systems, recent reports indicate a focused campaign on exploiting Linux systems within the Asian region.

Broadcom has recently published a blog post discussing the active use of the Pupy Remote Access Trojan (RAT) by attackers to target Linux systems.

Pupy RAT is distinguished by its ability to operate undetected, thanks to its sophisticated evasion techniques. It is written in Python, making it highly adaptable and capable of running on multiple platforms.

For Linux systems, the malware utilizes a custom payload that exploits known vulnerabilities, granting the attackers unauthorized access.

The malware communicates with its command and control (C2) servers, receiving instructions and exfiltrating data.

Its modular nature allows attackers to tailor the malware to specific targets, enhancing its effectiveness.

The malware has been detected under various signatures, including:

File-based Signatures:

  • Packed.Vmpbad!gen38
  • Trojan.Gen.MBT
  • Trojan.Gen.NPE
  • WS.Malware.1

Machine Learning-based Signatures:

  • Heur.AdvML.B!100
  • Heur.AdvML.B!200
  • Heur.AdvML.C

Web-based Signatures:

  • Observed domains/IPs are covered under security categories in all WebPulse-enabled products.

Implications and Recommendations

The targeted attacks on Linux systems underscore the importance of maintaining robust cybersecurity measures.

Organizations and individuals alike are advised to keep their systems updated, employ advanced threat detection solutions, and educate users on the risks of phishing and other social engineering tactics.

The recent surge in Pupy RAT campaigns targeting Linux systems in Asia highlights the evolving landscape of cyber threats.

As attackers refine their techniques and target less conventional operating systems, the need for vigilant cybersecurity practices and advanced protection mechanisms has never been more critical.

By staying informed and prepared, users can defend against these sophisticated attacks and ensure the security of their digital environments.

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.