May 05, 2026mediumsupply-chain

alert ≥ mentions

…

New stealthy Quasar Linux malware targets software developers

A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities.

what's affectedNew stealthy Quasar Linux malware targets software developers

mitigation statusMonitoring updates

first reportedMay 05, 2026

Grace Ops

triage-ready iocs + detections

fresh

IOC Workbench

typed indicators with fast copy and export actions

2 total

uhttps://www.bleepingcomputer.com/news/security/new-stealthy-quasar-linux-malware-targets-software-developers/

dwww.bleepingcomputer.com

2 indicators staged for handoff.

Rule Studio

starter detections generated from this IOC set

2 formats

!Draft output: validate and tune before production rollout.

sigmadraft

title: AHackaday IOC starter detection id: ahackaday-2026-05-05-new-stealthy-quasar-linux-malware-targets-software-developers-e110f235 description: IOC starter rule for New stealthy Quasar Linux malware targets software developers status: experimental author: ahackaday logsource: product: network detection: selection_iocs: - "https://www.bleepingcomputer.com/news/security/new-stealthy-quasar-linux-malware-targets-software-developers/" - "www.bleepingcomputer.com" condition: selection_iocs falsepositives: - unknown level: medium

coverage

yaradraft

rule ahackaday_2026_05_05_new_stealthy_quasar_linux_malware_targets_software_developers_e110f235 { meta: description = "IOC starter for New stealthy Quasar Linux malware targets software developers" author = "ahackaday" strings: $ioc1 = "https://www.bleepingcomputer.com/news/security/new-stealthy-quasar-linux-malware-targets-software-developers/" nocase $ioc2 = "www.bleepingcomputer.com" nocase condition: any of them }

coverage

Response Tracks

fast operational tracks from this incident snapshot

4 tracks

source-backed 1 refs

discussion

0 comments

Loading comments…

audit trail / provenance0

Provenance

Claims tie surfaced fields back to sources, models, or heuristics.

No structured claims yet — severity uplift rationale still applies below.

What changed

Append-only revisions when ingest or analysts evolve the record.

No revision rows stored yet.

Sources

https://www.bleepingcomputer.com/news/security/new-stealthy-quasar-linux-malware-targets-software-developers/

Curated May 05, 2026 by the ahackaday team./Sources verified./Brief grounded in 1 source.

Grace Ask GracereadyGrace is ready

Grounded in this brief only — New stealthy Quasar Linux malware targets software developers. Press ⌘K any time.

You're answering aschange anytime

Pick a playor type your own ↓

Tone

Pick a play above, or type your question

Generate an answer and Grace will return a grounded response for this incident.

social pulse

mentions (24h)22

velocitytrend flat

mentions delta+0% vs prior snapshot

platform splitX 77% · Reddit 0% · GitHub 23%

keywords

chksmscenesubscene

x analyticsheat 31 (flat)

authors 17verified 0%

likes56

retweets27

replies1

quotes1

summaryLive chatter is accelerating; analysts are actively validating impact.

scanning advisory feeds…

back to feed

May 05, 2026mediumsupply-chain

alert ≥ mentions

…

New stealthy Quasar Linux malware targets software developers

A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities.

what's affectedNew stealthy Quasar Linux malware targets software developers

mitigation statusMonitoring updates

first reportedMay 05, 2026

Grace Ops

triage-ready iocs + detections

fresh

IOC Workbench

typed indicators with fast copy and export actions

2 total

uhttps://www.bleepingcomputer.com/news/security/new-stealthy-quasar-linux-malware-targets-software-developers/

dwww.bleepingcomputer.com

2 indicators staged for handoff.

Rule Studio

starter detections generated from this IOC set

2 formats

!Draft output: validate and tune before production rollout.

sigmadraft

coverage

yaradraft

coverage

Response Tracks

fast operational tracks from this incident snapshot

4 tracks

source-backed 1 refs

discussion

0 comments

Loading comments…

audit trail / provenance0

Provenance

Claims tie surfaced fields back to sources, models, or heuristics.

No structured claims yet — severity uplift rationale still applies below.

What changed

Append-only revisions when ingest or analysts evolve the record.

No revision rows stored yet.

Sources

https://www.bleepingcomputer.com/news/security/new-stealthy-quasar-linux-malware-targets-software-developers/

Curated May 05, 2026 by the ahackaday team./Sources verified./Brief grounded in 1 source.