Security Alerts

New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand

A new Linux remote access trojan named Krasue has been discovered that has been targeting telecom companies in Thailand since at least 2021. Named after a Southeast Asian folklore spirit, Krasue can conceal its presence during the initialization phase, making it difficult to detect. The exact initial access vector is unknown, but it is suspected to be vulnerability exploitation, credential brute-force attacks, or distribution as part of a fake software package. Krasue uses a rootkit derived from open-source projects such as Diamorphine, Suterusu, and Rooty to maintain persistence on the host without drawing attention. It may be deployed as part of a botnet or sold by initial access brokers to other cybercriminals seeking access to specific targets. The trojan disguises its 'alive ping' as RTSP messages, a tactic rarely seen in the wild. Its command-and-control communications allow Krasue to designate a communicating IP as its master upstream C2 server and to gather information about the malware, demonstrating its advanced capabilities and the need for increased security measures.

Link

https://thehackernews.com/2023/12/new-stealthy-krasue-linux-trojan.html