Do shoot the messenger: Telegram-controlled backdoor trojan targets Linux servers
ID: dafc975f-784d-5f25-b233-01d5002ee771
STIX ID: report--dafc975f-784d-5f25-b233-01d5002ee771
Feed Name: Dr.Web News
Doctor Web analysts uncovered Linux.BackDoor.TgRat.2, a Linux variant of the TgRat RAT. It is delivered by a trojan dropper that targets specific hosts by checking a hostname hash, and it is controlled through a Telegram bot. The backdoor supports file exfiltration, screenshots, and remote command execution, and it uses RSA encryption and bash-based script execution. The report includes IOCs and detection/mitigation recommendations.
