Hodin RAT

Many Linux users believe falsely that their systems are an impenetrable fortress to the evil forces of malware. However, this is not the case. Despite there not being that much interest in developing malware targeting Linux systems specifically, there are still cybercriminals who are willing to get into this niche market. Linux users cannot afford to continue overlooking their security as there is an increasing number of Linux-targeting malware emerging.

Limited Abilities

Recently, a user of the GitHub website has decided to upload the code of a threat publicly, which is tailored to target Linux running systems. This threat is a RAT (Remote Access Trojan) that goes by the name the Hodin RAT. As with most RATs targeting Linux users, the Hodin RAT is not nearly as weaponized as various RATs that target Windows running computers. The reason for this may be the much more vigorous security measures present on the Linux OS.

Keylogger Module

The fact that the Hodin RAT is not as functional as a regular Windows-targeting RAT does not mean that it is harmless. Not at all. This RAT can still cause great harm to the infiltrated host. It appears that the main functionality of the Hodin RAT is to collect login credentials via a keylogger module.

Other Capabilities

Apart from the keylogging abilities of the Hodin RAT, this threat also can:

• Download files.
• Upload files.
• Execute files.
• Execute remote commands.
• Browse the files present on the system.
• Record audio via the microphone present on the system.
• Record video via the webcam present on the system.
• Launch DDoS (Distributed-Denial-of-Service) attacks.
• A Remote Desktop feature alsois in the works, judging by the client's interface.

Malware researchers have not yet spotted samples of the Hodin RAT, but it is very likely that shady individuals who come across the code, which is available for free, may use this threat to cause significant damages to innocent users.