Cybersecurity experts have identified a new backdoor malware strain called Noodle RAT, used by Chinese-speaking hacker groups for espionage and cybercrime activities [1] [2] [3] [4].
Description
This remote access Trojan, active since 2016 [3] [5], has versions for both Windows (Win.NOODLERAT) and Linux (Linux.NOODLERAT) [3]. Noodle RAT has been targeting countries like Thailand, India, Japan, Malaysia, and Taiwan since 2020 [3], with the Linux version used by groups like Rocke and the Cloud Snooper Campaign [5]. It shares similarities with Gh0st RAT and Rekoobe but is distinct enough to be classified as a new malware family [5]. The malware uses loaders like MULTIDROP and MICROLOAD for installation and employs complex encryption algorithms for C&C communication [5]. Noodle RAT has been observed in targeted attacks in the Asia-Pacific region since 2022 [1] [2] [4], with multiple Chinese-speaking groups suspected to be behind its use for malicious purposes [1] [2]. This backdoor [1] [2] [3] [4], also known as an ELF backdoor [1] [2], is an attractive option for threat actors targeting Linux/Unix systems [3].
Conclusion
The emergence of Noodle RAT highlights the ongoing threat posed by sophisticated malware to cybersecurity. Organizations need to enhance their defenses against such threats through robust security measures, regular updates, and employee training. As cyber threats continue to evolve, staying vigilant and proactive is crucial to safeguarding sensitive information and systems from malicious actors.
References
[1] https://www.trendmicro.com/esmx/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
[2] https://www.trendmicro.com/plpl/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
[3] https://www.infosecurity-magazine.com/news/chinese-noodle-rat-backdoor/
[4] https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
[5] https://gbhackers.com/noodle-rat-to-attack-linux-servers/