A newly discovered Linux malware called QLNX is silently infecting developers' machines, harvesting credentials and keystrokes while enabling attackers to tunnel through compromised networks — with researchers warning the implant specifically targets software supply chain personnel.