Security researchers say a newly discovered Linux malware dubbed GTPDOOR can establish command-and-control communications in compromised devices by leveraging the GPRS Tunnelling Protocol, The Hacker News reports.The malware is designed to be deployed in telecommunications networks situated next to GPRS roaming exchanges, which transport the roaming traffic between the visited and the home Public Land Mobile Network using GTP. It allows a threat actor that has already established persistence on the roaming exchange network to send a GTP-C Echo Request message with a malicious payload to a compromised host to establish contact. This allows the transmission of commands to be executed on the compromised device and the return of results back to the remote host. A security researcher who found two GTPDOOR artifacts that had been uploaded to VirusTotal from China and Italy said there is likely a link between this backdoor and a threat actor being tracked as LightBasin or UNC1945, which was reportedly involved in a series of attacks that targeted the telecom sector.
API security, Malware
Novel malware enables C2 communications by exploiting GTP

Today’s columnist, Brian Knudtson of 11:11 Systems writes that security pros have depended on analyzing logs for years. One good example: During the WannaCry attacks in 2017, investigators reviewed logs to determine whether malware was present on computers by scanning server logs for files that were encrypted with a specific extension or connections that were made through certain TCP ports. (Stock Photo: Getty Images)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



