A previously undocumented and mostly undetected variant of a Linux backdoor called
BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week.
"
BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with this latest iteration," security researchers Shaul Vilkomir-Preisman and Eliran Nissan
said.
BPFDoor (aka JustForFun), first documented by
PwC and
Elastic Security Labs in May 2022, is a passive Linux backdoor associated with a Chinese threat actor called
Red Menshen (aka
DecisiveArchitect or Red Dev 18), which is known to single out telecom providers across the Middle East and Asia since at least 2021.
The malware is specifically geared towards establishing persistent remote access to compromised target environments for extended periods of time, with evidence pointing to the hacking crew operating the backdoor undetected for years.
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
BPFDoor malware uses Solaris vulnerability to get root privileges