BPFdoor: Stealthy Linux malware bypasses firewalls for remote access

submitted by
Style Pass
2022-05-12 18:00:09

A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years.

BPFdoor is a Linux/Unix backdoor that allows threat actors to remotely connect to a Linux shell to gain complete access to a compromised device.

The malware does not need to open any ports, cannot be stopped by firewalls, and can respond to commands from any IP address on the web, which makes it an ideal tool for corporate espionage and persistent attacks.

BPFdoor is a passive backdoor: it listens on one or more ports for incoming packets from one or more hosts, which attackers can use to send commands remotely into the compromised network.

The malware uses a Berkeley Packet Filter (the BPF in the backdoor’s name), which works at the network interface layer, so it can see all network traffic and send packets to any destination.

It has versions for Linux and Solaris SPARC systems but it could be ported to BSD as well, BleepingComputer learned from Craig Rowland, the founder of Sandfly Security, a company that offers an agentless solution to protect Linux systems.
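Because the backdoor described above filters traffic with BPF on a packet socket instead of opening a listening port, it is invisible to the usual listening-port checks; one defender-side hunt on Linux is to enumerate AF_PACKET sockets from /proc/net/packet and map each socket inode back to the process holding it through /proc/<pid>/fd. The following is an added example written for this page, not code from BleepingComputer or Sandfly Security; the sample /proc/net/packet text is constructed, and the "every ethertype on every interface" flag is my own heuristic.

```python
import os
import re
from typing import Dict, List

# Constructed sample of /proc/net/packet (same column layout the kernel prints;
# not captured from a real host). Proto 0003 is ETH_P_ALL, Iface 0 means "any".
SAMPLE_PROC_NET_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a1c3e5e0000 3      3    0003   2     1 0      0      12345
ffff9a1c3e5e8000 3      3    0003   0     1 0      0      67890
"""

ETH_P_ALL = 0x0003


def parse_proc_net_packet(text: str) -> List[dict]:
    """One dict per AF_PACKET socket: socket type, ethertype filter, bound ifindex, uid, inode."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 9:
            continue
        rows.append({"type": int(f[2]), "proto": int(f[3], 16), "iface": int(f[4]),
                     "uid": int(f[7]), "inode": int(f[8])})
    return rows


def socket_owners(inodes, proc_root: str = "/proc") -> Dict[int, List[int]]:
    """Map socket inodes to the pids whose fd tables link to socket:[inode].
    Needs root to read other users' fd directories; unreadable entries are skipped."""
    wanted = {int(i) for i in inodes}
    owners: Dict[int, List[int]] = {}
    for pid in (p for p in os.listdir(proc_root) if p.isdigit()):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                          # process exited, or permission denied
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m and int(m.group(1)) in wanted:
                owners.setdefault(int(m.group(1)), []).append(int(pid))
    return owners


def flag_all_traffic_sockets(rows: List[dict]) -> List[dict]:
    """Heuristic (my assumption): a socket capturing every ethertype on every interface
    is what a 'see all traffic' implant needs, whereas a DHCP client or a targeted
    tcpdump normally binds one interface. Every hit still needs a manual look."""
    return [r for r in rows if r["proto"] == ETH_P_ALL and r["iface"] == 0]


if __name__ == "__main__":
    live = os.path.exists("/proc/net/packet")
    text = open("/proc/net/packet").read() if live else SAMPLE_PROC_NET_PACKET
    rows = parse_proc_net_packet(text)
    owners = socket_owners([r["inode"] for r in rows]) if live else {}
    for r in rows:
        tag = "ALL-TRAFFIC" if r in flag_all_traffic_sockets(rows) else "bound"
        print(f"inode={r['inode']} uid={r['uid']} proto=0x{r['proto']:04x} "
              f"ifindex={r['iface']} pids={owners.get(r['inode'], '?')} [{tag}]")
```

Run it as root to see every process; an unexpected process holding an ETH_P_ALL packet socket on all interfaces is worth a closer look with the host's other evidence.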