Noodle RAT: Potent Malware Still Active in 2024, Threatens Linux Users
Cybersecurity experts have confirmed the ongoing use of Noodle RAT, a potent malware strain, in 2024. This remote access Trojan, active since at least 2018, has been linked to Chinese-speaking threat groups engaged in espionage and cybercrime. Trend Micro has identified it as a distinct malware family rather than a variant of Gh0st RAT or Rekoobe, as it had previously been misidentified.
Noodle RAT is deployed in two versions: Win.NOODLERAT for Windows systems and Linux.NOODLERAT for Linux/Unix systems. Recent samples have been identified as highly probable instances of the latter, posing a threat to Linux users. Despite sharing some code with Rekoobe v2018, Linux.NOODLERAT is classified as a separate malware family. Noodle RAT's activity has been traced back to 2020, with campaigns targeting Thailand, India, Japan, Malaysia, and Taiwan.
Trend Micro's analysis reveals that Noodle RAT is still active in 2024, with samples uploaded to VirusTotal. The malware is known for its ability to evade detection and its potential for attacks on Linux/Unix systems. It shares some similarities with Gh0st RAT but is considered a different strain. Previously, this Executable and Linkable Format (ELF) backdoor was misidentified as a variant of existing malware.
The continued use of Noodle RAT in 2024 underscores the need for vigilance among Linux/Unix users and cybersecurity professionals. As threat groups evolve their tactics, so too must our defenses. Further research is needed to fully understand Noodle RAT's capabilities and the extent of its use in cyber espionage and crime.