This dangerous new form of malware is attacking Windows and Linux systems alike

Sead Fadilpašić

13 June 2024 at 11:57 am·2-min read

For almost a decade, different Chinese threat actor groups used a piece of weaponized code that was mistakenly categorized as a variant of another malware, security experts have admitted.

In a report, Trend Micro revealed since 2016, groups such as Iron Tiger and Calypso used a piece of malware that was thought to be a variant of Gh0st RAT and Rekoobe. The former was first observed back in 2008 and has, throughout the years, become the go-to tool for Chinese state-sponsored threat actors.

But this backdoor, which Trend Micro dubbed Noodle RAT, is no variant, “but is a new type altogether,” the researchers say. This remote access trojan, which is also sometimes labeled as ANGRYREBEL or Nood RAT, is available on both Windows and Linux, and has been circulating around the world since at least 2016, so roughly eight years now.

Overlapping features

While the Windows and Linux versions vary somewhat, there are overlapping features - both support uploading and downloading files, running additional malware, working as a TCP proxy, and initiating SOCKS tunneling. What’s more, both versions share identical code for command-and-control (C2) communications.

Apparently, the researchers were confusing Noodle RAT with a variant of Gh0st since the Windows version reuses some of its plugins. On the other hand, the Linux version has some code overlaps with Rekoobe.

"Noodle RAT is likely shared (or for sale) among Chinese-speaking groups," Trend Micro said. "Noodle RAT has been misclassified and underrated for years."

Different groups are using the tool against different targets and for different purposes. That being said, two separate Windows loaders - MULTIDROP and MICROLOAD, were observed in Thailand and India.

China has a very active hacking community on the government’s payroll, including infamous groups such as Winnti, Buckeye, or Stone Panda.

More from TechRadar Pro

Thousands of FortiGate VPN systems hit by Chinese hackers
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Reuters
Microsoft consolidates retail channels in China
Microsoft is consolidating its retail channels in mainland China, the firm said in response to media reports that it is closing its network of authorised physical retailers in the world's second-largest economy. Microsoft did not confirm or deny the closures and did not comment on the number of authorised stores that would be impacted by the consolidation, in response to a request for comment from Reuters. "Microsoft continually assesses its retail strategy to meet the evolving needs of our valued customers and we’ve made the decision to focus our channel approach in Mainland China," it said in a statement.
Malay Mail
Thursday, not Tuesday: PM Anwar raps home minister for batik blunder in Parliament
KUALA LUMPUR, July 2 — Prime Minister Datuk Seri Anwar Ibrahim today admonished Home Minister Datuk Seri Saifuddin Nasut...
Malay Mail
Online users make fun of Wan Fayhsal, Radzi for final 5km effort during Syed Saddiq's 200-km run
KUALA LUMPUR, July 1 — Muar MP Syed Saddiq Abdul Rahman took a stand against government inaction in a rather unusual way...
The Telegraph
Prison officer accused of having sex with an inmate on video appears in court
A prison officer allegedly filmed having sex with an inmate in a cell has appeared in court charged with misconduct in public office.
INSIDER
Malaysia's $100 billion ghost town is good for at least one thing: filming documentaries and shows like Netflix's 'The Mole'
Embattled Forest City is a backdrop for a handful of reality shows and documentaries.
Malay Mail
Proton makes cheeky fun of Tesla’s Cybertruck in X50 social media ad (VIDEO)
KUALA LUMPUR, July 2 — Tesla’s Cybertruck has been gaining attention for more than its futuristic design. Various online...
Malay Mail
With 2.3 million Malaysian adults living with three NCDs, doctors warn of serious public health risks
KUALA LUMPUR, July 2 — The key findings from the newly-released National Health and Morbidity Survey 2023 by the Health...
HuffPost Life
Gastro Doctors Share The 1 Food They Never (Or Rarely) Eat
The experts on gas, bloating, colon cancer and other digestive issues share what they avoid themselves.
The Telegraph
Macron ‘practically wiped out’, Marine Le Pen declares
Follow the latest updates in our French election liveblog
The Telegraph
John Terry brands BBC ‘disgrace’ after poking fun at Cristiano Ronaldo’s tears
Cristiano Ronaldo was left in floods of tears after missing a penalty in Portugal’s European Championship round of 16 win over Slovenia in Frankfurt on Monday night.
Malay Mail
Spurned by Perikatan, Ramasamy says ‘time for Urimai to be a political coalition’ in Malaysia
KUALA LUMPUR, July 2 ― The fledgling United Rights of the Malaysian Party (Urimai), an emerging political entity that...
The Independent
A pair of siblings were stabbed and the sister’s dying words were that the killer was a man from Detroit. Thirty-four years later, he’s been arrested.
Pamela Sumpter, was raped and stabbed, and her brother John Sumpter was stabbed to death, at their Georgia home on July 15, 1990. Andrea Cavallier reports
Associated Press
Nepalese spiritual leader ‘Buddha Boy’ sentenced to 10 years in prison for sexual assault on minor
A controversial spiritual leader in Nepal known as “Buddha Boy” has been sentenced to a 10-year prison term Monday for sexually assaulting a minor, court officials said. Ram Bahadur Bamjan — believed by some to be the reincarnation of the founder of Buddhism — was also ordered to pay $3,700 in compensation to the victim by a judge at the Sarlahi District Court in southern Nepal. The man will have 70 days to appeal against the court order, court official Sadan Adhikari said.
People
Taylor Swift Gets Stuck on Platform After Stage Malfunction During Dublin Concert
One of the popstar's backup dancers, Jan Ravnik, came to her rescue during the Eras Tour mishap
People
Woman Was Killed by Man Her Mom Had Forced Her to Marry — and Now the Mother Is Convicted
Prosecutors in Australia said Sakina Muhammad Jan forced her daughter to marry a man she didn't want to wed in November 2019, weeks before he killed her
Malay Mail
Teh tarik satu, boss? Otters are surprise ‘regulars’ at a Perak mamak (VIDEO)
KUALA LUMPUR, July 2 — Visitors to a mamak eatery in Perak got a furry surprise when a pair of otters dashed into the es...
The Independent
Chinese teenager injured in ‘racially motivated’ attack in New Zealand
The 16-year-old schoolboy was travelling by bus to Auckland City when he was attacked by a woman with a metal bar, police say
Malay Mail
Transport minister: Bus in Genting Highlands crash had expired permit and is over 15 years old
KUALA LUMPUR, July 1 — Transport Minister Anthony Loke today revealed that the bus that crashed in Genting Highlands and...
Cinema Online
Jiang Zhihao reveals hardship in battling lung cancer
The "Youth with You 3" alumnus says that his condition has worsened since last update
CNN
The reason why NATO and Europe found Biden’s debate performance so alarming
Joe Biden’s performance at the CNN presidential debate against Donald Trump has raised concerns with US allies - particularly within NATO and Europe.

Overlapping features

More from TechRadar Pro

Latest stories