Cyber-Espionage Campaign Targets Linux Systems with New RAT

A cyber-espionage campaign targeting government entities running Linux systems has been uncovered. The campaign, attributed to the group TransparentTribe, involves a new remote access tool called DeskRAT. Researchers found that phishing emails were used to deliver malicious ZIP archives containing deceptive documents. The campaign used dedicated staging servers to distribute malware, which executed a Bash command sequence to download and run a binary payload. DeskRAT is capable of establishing command-and-control communications, uploading and executing files remotely, and maintaining persistence through multiple Linux-specific techniques.

Latest mentioned: 10-23

Earliest mentioned: 10-23

Sources

infosecurity-magazine.com gbhackers.com

Also Read

Caminho Loader-as-a-Service Uses Steganography for Malware Delivery

Cybersecurity researchers have identified a new threat called Caminho, a Loader-as-a-Service (LaaS) that hides .NET payloads in images using Least Significant Bit (LSB) steganography. Active since March 2025, this operation targets businesses through spear-phishing emails with social engineering bait. The attack involves JavaScript or VBScript files that fetch obfuscated PowerShell code, which then extracts the malicious payload from images hosted on trusted sites. This fileless approach, combined with anti-analysis tricks, makes Caminho hard to detect. The loader injects final malware into benign processes and sets up persistence through scheduled tasks.

10-23Read more →