Tuesday, May 6, 2025
Homecyber securityTgRAT Malware Attacking Linux Servers with New Variant

TgRAT Malware Attacking Linux Servers with New Variant

Published on

SIEM as a Service

Follow Us on Google News

A new variant of the TgRAT malware, initially discovered in 2022 targeting Windows systems, has been observed attacking Linux servers.

This evolution marks a significant shift in the malware’s capabilities, broadening its potential impact on a wider range of systems. The Linux version of TgRAT was found in the wild earlier this month, raising alarms across the cybersecurity community.

Capabilities and Control Mechanisms

According to the Broadcom report, TgRAT exhibits a range of malicious activities when infecting a targeted Linux machine.

- Advertisement - Google News

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

The malware enables attackers to execute arbitrary commands or scripts, collect screenshots, and extract user files from the compromised host. This versatility makes TgRAT a potent tool for cybercriminals, capable of causing significant disruption and data breaches.

Notably, the malware is controlled via a Telegram bot, allowing attackers to manage their operations remotely and with some anonymity.

The associated malicious indicators are blocked and detected by existing policies within VMware Carbon Black products.

Symantec recommends implementing a policy that blocks all types of malware from executing, including known, suspect, and potentially unwanted programs (PUPs) to maximize protection.

Additionally, delaying the execution of a cloud scan can fully utilize the VMware Carbon Black Cloud reputation service, providing an extra layer of security.

As the cybersecurity landscape continues to evolve, the emergence of TgRAT’s Linux variant underscores the importance of robust, adaptive security measures. Organizations are urged to stay vigilant and ensure their defenses are up-to-date to mitigate the risks posed by this sophisticated malware.

you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...