Malware

Novel BPFDoor malware variants uncovered

Privacy concept: pixelated words Malware on digital background, 3d render

Increasingly stealthy compromise of major telecommunication networks has been enabled by seven new variants of the BPFDoor malware, which have gained stateless command-and-control routing capabilities, according to GBHackers News.

Most critical of the novel BPFDoor versions are httpShell, which prioritizes C2 concealment within HTTP traffic to allow BPF logic to view for certain magic markers in inner packets, and icmpShell, which creates an interactive shell to impede static firewall rules while also supporting bidirectional ICMP tunnels, RC4 encryption, and UDP/ICMP hole-punching, findings from a Rapid7 report revealed.

Researchers also discovered several other lettered variants of BPFDoor that allow clandestine and resilient compromise of targeted networks, with the "H" variant including an active beacon performing NTP-themed domain resolution and opening encrypted sessions under the guise of IoT telemetry or time synchronization. Organizations' network defenders have been urged to closely monitor atypical BPF filters on raw sockets and other structural aberrations to prevent potential compromise.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds