Quasar Linux RAT Targets Developers With Fileless Execution and eBPF Rootkit
ID: e4d4a8c5-a747-5504-9523-b634a20b46ed
STIX ID: report--e4d4a8c5-a747-5504-9523-b634a20b46ed
Feed Name: cybersecurityNews.com
Quasar Linux (QLNX) is a sophisticated, memory-resident Linux RAT observed targeting developers and DevOps hosts. It compiles unique host-specific rootkits using the local C compiler, deploys persistence via PAM and ld.so.preload, forms a peer-to-peer mesh, and exfiltrates SSH keys, cloud credentials, package tokens, and browser passwords. The report includes detailed IoCs, detection notes, and remediation guidance emphasizing full reimaging to remove eBPF/kernel-level persistence.
