The Earth Bluecrow threat operation, also known as Red Menshen, DecisiveArchitect, and Red Dev 18, launched attacks involving a novel controller linked to the BPFDoor malware against the Linux systems of telecommunications, finance, and retail organizations in Hong Kong, South Korea, Malaysia, Myanmar, and Egypt last year, according to The Hacker News.

The targeted Linux servers had been compromised beforehand; the newly discovered malware controller prompts its operator for a password before sending a 'magic packet' that BPFDoor's Berkeley Packet Filter inspects, after which a reverse shell is opened that could facilitate lateral movement across breached networks and extensive data compromise, a report from Trend Micro showed. "BPF opens a new window of unexplored possibilities for malware authors to exploit. As threat researchers, it is a must to be equipped for future developments by analyzing BPF code, which will help protect organizations against BPF-powered threats," said Trend Micro researcher Fernando Mercês.
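Because a BPF filter waiting for a magic packet is attached to a raw AF_PACKET socket rather than a listening port, `netstat`/`ss -l` will not show it. The following hunting script is an added example (not code from the Trend Micro report or The Hacker News): it parses `/proc/net/packet` and `/proc/<pid>/fd` to attribute every packet socket on a host to its process. The process names, PIDs and inode numbers in `demo()` are constructed for the test and are not indicators from the page.

```python
import os
import re
import tempfile

def packet_socket_inodes(proc_root="/proc"):
    """Parse /proc/net/packet into {inode: (type, proto)}. Type 3 = SOCK_RAW and
    proto 0003 = ETH_P_ALL: a socket that sees every frame, where a filter waiting
    for a magic packet is attached. It never appears as a listening port."""
    inodes = {}
    with open(os.path.join(proc_root, "net", "packet")) as fh:
        next(fh, None)  # skip header line
        for line in fh:
            f = line.split()
            if len(f) >= 9:
                inodes[f[8]] = (int(f[2]), f[3])
    return inodes

def find_packet_socket_procs(proc_root="/proc"):
    """Attribute each AF_PACKET socket inode to the PID holding it (via /proc/<pid>/fd)."""
    wanted = packet_socket_inodes(proc_root)
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:  # process exited, or no permission (run as root on a real host)
            continue
        for target in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m and m.group(1) in wanted:
                with open(os.path.join(proc_root, pid, "comm")) as fh:
                    comm = fh.read().strip()
                sock_type, proto = wanted[m.group(1)]
                hits.append({"pid": int(pid), "comm": comm, "type": sock_type, "proto": proto})
    return hits

def demo():
    """Constructed /proc tree (not a real host): one normal socket, one raw ETH_P_ALL socket."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "net"))
    with open(os.path.join(root, "net", "packet"), "w") as fh:
        fh.write("sk RefCnt Type Proto Iface R Rmem User Inode\n"
                 "0000000000000000 3 3 0003 2 1 0 0 40121\n")
    for pid, comm, target in ((101, "sshd", "socket:[999]"),
                              (202, "example-daemon", "socket:[40121]")):
        os.makedirs(os.path.join(root, str(pid), "fd"))
        with open(os.path.join(root, str(pid), "comm"), "w") as fh:
            fh.write(comm + "\n")
        os.symlink(target, os.path.join(root, str(pid), "fd", "3"))
    return find_packet_socket_procs(root)
```

On a live host, run `find_packet_socket_procs()` as root and review every hit that is not a known packet-capture or DHCP/LLDP daemon; a raw ETH_P_ALL socket held by an unexpected process is the starting point for deeper triage.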