Citrix NetScaler Unified Gateway is a solution that customers use for identity protection, access management and single sign-on to their on-premises, cloud and SaaS applications. More details about the product can be found at our page here: NetScaler Unified Gateway.
Recently, there have been some articles about a remote-access Trojan called Kedi, which has masqueraded as a Citrix utility. The RAT itself is designed to look like Citrix tech to fool users.
It is impacting systems worldwide, so we wanted to provide an update and share some tips to be on the lookout for this RAT and push security best practices.
At Citrix, all our products go through security AND compliance checks. We would like to inform to all our customers, partners and community that the Kedi Trojan is not related to NetScaler Unified Gateway or its binaries in any way and does not reflect a Citrix vulnerability. The NetScaler Unified Gateway plugin binaries are digitally signed and cannot be tampered with. If you happen to be affected by this Trojan, please do ensure you check for the digital signature. Below is a way to check the digital signature of the Unified Gateway binary on Windows.
Signature check for Citrix NetScaler Gateway binary
If you have additional questions, please leave them in the comments section below.