Security News > 2023 > May > Stealthier version of Linux BPFDoor malware spotted in the wild
A new, stealthier variant of the Linux malware 'BPFDoor' has been discovered, featuring more robust encryption and reverse shell communications.
BPFDoor is a stealthy backdoor malware that has been active since at least 2017 but was only discovered by security researchers around 12 months ago.
BPFDoor is designed to allow threat actors to maintain lengthy persistence on breached Linux systems and remain undetected for extended periods.
Deep Instinct reports that the latest version of BPFDoor is not flagged as malicious by any available AV engines on VirusTotal, despite its first submission on the platform dating to February 2023.
Because BPFDoor remains undetected by security software, system admins can rely only on vigorous monitoring of network traffic and logs, state-of-the-art endpoint protection products, and file integrity monitoring on "/var/run/initd.
A May 2022 report by CrowdStrike highlighted that BPFDoor used a 2019 vulnerability to achieve persistence on targeted systems, so applying the available security updates is always a crucial strategy against all types of malware.