“Invisible” malware has been attacking Linux and Solaris systems for 5 years

BPFdoor is a recently discovered backdoor-type malware with a puzzling peculiarity: it has been affecting Linux and Solaris systems for over 5 years without ever having been detected before. It allows attackers to remotely connect to a Linux shell and gain complete control of the target system. It is ideal malware for conducting long-running attacks and industrial espionage, as it does not require opening ports, is immune to firewalls and is able to respond to commands from any IP address.

By taking advantage of a sniffing function that operates on the network interface below the firewall, the malware is not subject to the firewall's rules and remains listening for ICMP, UDP and TCP packets. When it detects specific packets carrying precise "magic" values and, in the case of UDP/TCP, a password, the backdoor is activated and executes one of its supported commands, for example starting a reverse shell.
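Because the implant listens on a raw packet socket rather than a bound port, a port scan or `ss -ltn` will not show it; what does show it is the packet socket itself. The following is an added example (not from the article or from any BPFdoor analysis) that lists which processes on a Linux host own AF_PACKET sockets by joining `/proc/net/packet` with the `socket:[inode]` links under `/proc/<pid>/fd`; the `KNOWN_BENIGN` list and the sample `/proc/net/packet` text are constructed assumptions.

```python
import os
import re
from pathlib import Path

# Processes that legitimately open packet sockets; tune per fleet (assumption).
KNOWN_BENIGN = {"dhclient", "dhcpcd", "tcpdump", "NetworkManager"}

# Constructed sample in the /proc/net/packet layout (not captured from a host).
SAMPLE_PACKET = ("sk       RefCnt Type Proto  Iface R Rmem   User   Inode\n"
                 "ffff8881 3      3    0003   2     1 0      0      41207\n")
SAMPLE_FDS = [(4242, "socket:[41207]"), (4242, "/dev/null"), (1, "socket:[77]")]

def parse_packet_sockets(text):
    """Parse /proc/net/packet (cols: sk RefCnt Type Proto Iface R Rmem User Inode)."""
    result = {}
    for line in text.strip().splitlines()[1:]:  # first row is the header
        cols = line.split()
        sock_type = "SOCK_RAW" if cols[2] == "3" else "SOCK_DGRAM"  # Type 3 = raw
        result[int(cols[8])] = (sock_type, cols[3])  # proto 0003 = ETH_P_ALL
    return result

def map_inodes_to_pids(fd_links):
    """fd_links: (pid, readlink target) pairs taken from /proc/<pid>/fd/*."""
    mapping = {}
    for pid, target in fd_links:
        m = re.fullmatch(r"socket:\[(\d+)\]", target)
        if m:
            mapping[int(m.group(1))] = pid
    return mapping

def find_packet_socket_owners(packet_text, fd_links, comm_of):
    """Join both views; returns [(pid, comm, type, proto, suspicious)]."""
    owners = map_inodes_to_pids(fd_links)
    report = []
    for inode, (sock_type, proto) in parse_packet_sockets(packet_text).items():
        pid = owners.get(inode)
        comm = comm_of(pid) if pid is not None else "?"
        report.append((pid, comm, sock_type, proto, comm not in KNOWN_BENIGN))
    return report

def live_fd_links():  # walk /proc/<pid>/fd on this host; root sees all pids
    for p in Path("/proc").iterdir():
        if p.name.isdigit():
            try:
                for fd in (p / "fd").iterdir():
                    yield int(p.name), os.readlink(fd)
            except OSError:
                pass
```

On a live host, call `find_packet_socket_owners(Path("/proc/net/packet").read_text(), live_fd_links(), comm_of)` with a `comm_of` that reads `/proc/<pid>/comm`; any row flagged `True` is a process holding a sniffing socket that is not on your allow list.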


Linux is also subject to malware attacks