Hodin RAT

Linux is classified as one of the safest operating systems, hence why it is targeted by cybercriminals rarely. However, the myth of Linux's impenetrable defenses has been broken several times in the past few years, and nowadays Linux users must also take a lot of security measures to ensure that their systems will not be infected by cryptocurrency miners, RATs, backdoors or other cyber-threats.

A Public Linux RAT Project may Put Linux Systems in Harm's Way

An anonymous user on GitHub has uploaded the source code of what appears to be a Remote Access Trojan (RAT) compatible with Linux. The Hodin RAT, as the author calls it, has some interesting features and, naturally, it does not come close to the functionality offered by Windows-compatible RATs – this is likely to be owed to the fact that the security of most Linux distributions is very strong, and it is more difficult to perform certain actions on them.

Despite its limited capabilities, the Hodin RAT is still a threat that should not be underestimated – the sole fact that it is public and free is likely to mean that many cyber crooks will opt to use it. It allows the attackers to run several keyloggers to the compromised host – the author has implemented different keylogger modules to fit the requirements of a wide range of Linux distributions.

The Hodin RAT Packs Extended Surveillance Features

Furthermore, the operator of the Hodin RAT can:

• Record video via attached Web cameras.
• Use the microphone to record the surrounding environment.
• Download and execute files.
• Upload and execute files.
• Browse the victim's file system.
• Launch DDoS attacks using all active infected hosts.
• Execute remote commands.
• The threat also features a 'Remote Desktop' button that is listed as 'in-dev' by the author.

We are yet to encounter samples of Hodin RAT in the wild, but this threat serves as a good reminder of why you should not underestimate your system's security features even if you are a Linux user.