New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows (Security News, May 2023)
A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week.
BPFDoor, first documented by PwC and Elastic Security Labs in May 2022, is a passive Linux backdoor associated with a Chinese threat actor called Red Menshen, which has been known to single out telecom providers across the Middle East and Asia since at least 2021.
BPFDoor gets its name from its use of Berkeley Packet Filters - a technology that makes it possible to analyze and filter network traffic on Linux systems - for network communications and for processing incoming commands.
Deep Instinct's findings come from a BPFDoor artifact that was uploaded to VirusTotal on February 8, 2023.
One of the key characteristics that makes the new version of BPFDoor even more evasive is the removal of many hard-coded indicators; instead, it incorporates a static library for encryption and a reverse shell for command-and-control communication.
Upon launch, BPFDoor is configured to ignore various operating system signals to prevent it from being terminated.
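The signal-ignoring behaviour described above is observable from outside the process: the kernel exposes each process's ignored-signal bitmask as the SigIgn field of /proc/&lt;pid&gt;/status. The following triage heuristic is an added example (not from the Deep Instinct report or the article); it parses that mask and flags processes that ignore an unusual number of termination signals. The sample status texts, the process name and the threshold of five signals are constructed assumptions.

```python
"""Flag processes that ignore an unusual number of termination signals.

Defender-side triage heuristic based on the BPFDoor behaviour above: read the
SigIgn hex mask from /proc/<pid>/status and report processes that ignore most
of the signals a normal daemon would honour. Sample texts are constructed.
"""
import re
from pathlib import Path

# Linux x86-64 signal numbers; bit (n - 1) of SigIgn is set when signal n is ignored.
SIGNALS = {1: "SIGHUP", 2: "SIGINT", 3: "SIGQUIT", 6: "SIGABRT", 10: "SIGUSR1",
           12: "SIGUSR2", 13: "SIGPIPE", 14: "SIGALRM", 15: "SIGTERM", 17: "SIGCHLD"}
# Signals that ordinary services rarely ignore all at once.
TERMINATION = {"SIGHUP", "SIGINT", "SIGQUIT", "SIGABRT", "SIGTERM", "SIGUSR1", "SIGUSR2"}


def ignored_signals(status_text: str) -> set:
    """Return the names of known signals whose bit is set in the SigIgn mask."""
    m = re.search(r"^SigIgn:\s*([0-9a-fA-F]+)", status_text, re.MULTILINE)
    if not m:
        return set()
    mask = int(m.group(1), 16)
    return {name for num, name in SIGNALS.items() if (mask >> (num - 1)) & 1}


def is_suspicious(status_text: str, threshold: int = 5) -> bool:
    """True when the process ignores at least `threshold` termination signals (assumed cut-off)."""
    return len(ignored_signals(status_text) & TERMINATION) >= threshold


def scan_proc(proc_root: str = "/proc") -> list:
    """Walk /proc and return (pid, name, ignored signals) for suspicious processes."""
    hits = []
    for status in Path(proc_root).glob("[0-9]*/status"):
        try:
            text = status.read_text()
        except OSError:  # process exited or permission denied; skip it
            continue
        if is_suspicious(text):
            name = re.search(r"^Name:\s*(.*)$", text, re.MULTILINE)
            hits.append((status.parent.name, name.group(1) if name else "?",
                         sorted(ignored_signals(text))))
    return hits


# Constructed sample: ignores HUP, INT, QUIT, ABRT, USR1, USR2, PIPE, TERM, CHLD.
SAMPLE_SUSPICIOUS = "Name:\texample_daemon\nPid:\t4242\nSigIgn:\t0000000000015a27\n"
# Constructed sample: a typical service that ignores SIGPIPE only.
SAMPLE_BENIGN = "Name:\twebserver\nPid:\t4243\nSigIgn:\t0000000000001000\n"

if __name__ == "__main__":
    print(is_suspicious(SAMPLE_SUSPICIOUS), is_suspicious(SAMPLE_BENIGN))
    print(scan_proc())
```

Run as root on a live host, scan_proc() lists candidates for manual review; a hit is a starting point for inspecting the process's open sockets and binary, not proof of compromise on its own.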
News URL
https://thehackernews.com/2023/05/new-variant-of-linux-backdoor-bpfdoor.html