Unmasking BPFdoor: The Latest Stealthy Linux Malware Linked to Red Menshen

Recently, cybersecurity firm Deep Instinct’s threat lab discovered a new and previously unreported form of the BPFdoor malware. BPFdoor is a low-profile, passive backdoor specific to Linux that enables attackers to re-enter an infected machine for an extended period. Its ability to bypass firewall limitations on incoming traffic is what gives it its name. In this article, we will discuss the characteristics of the malware, its use of Berkeley Packet Filter, its link to the hacking group RedMenshen, and recent developments in its design.

BPFdoor’s use of Berkeley Packet Filter

BPFdoor’s unique characteristic is its use of Berkeley Packet Filter (BPF) to go beyond firewall limits on incoming traffic. By monitoring incoming traffic for a “magic” byte sequence, the malware allocates a memory buffer and starts a packet sniffing socket. BPFdoor runs so low that any firewall limitations on the compromised computer won’t affect this sniffing activity. This method allows attackers to infiltrate the system and operate under the radar without the system’s owner being aware of the breach.

While BPFdoor is not new, as it has been in use for several years, its discovery has added to the growing concerns about the hacking group known as Red Menace (Red Dev 18), who are believed to be the ones behind the malware. This active cybercriminal group has been linked to various cybersecurity incidents targeting financial and government organizations in Europe and Asia.

BPFdoor is a passive backdoor, which enables attackers to re-enter an infected machine undetected. In previous versions, the malware employed RC4 encryption, bind shell, and iptables for communication. Its commands and filenames were hardcoded, making it relatively easy for anti-virus software employing static analysis to detect.

New variants of BPFdoor

Recent variants of BPFdoor have made significant changes to its design. A more recent variant examined by Deep Instinct includes reverse shell communication, static library encryption, and all commands sent by the C2 server. This new design makes it significantly harder to detect and block by anti-virus software that uses static analysis. By removing hard-coded commands, BPFdoor becomes less likely to be discovered.

Benefits of deleting hardcoded commands

With the removal of hardcoded commands, BPFdoor becomes more adaptable to the needs of the attacker. It allows for greater flexibility in executing commands, making it easier to infiltrate the system and extract sensitive information. This aspect of the malware makes it considerably harder to detect and block, making it a severe threat to organizations.

Packet sniffing activity

One of the most significant advantages of BPFdoor is its ability to perform packet sniffing without detection. This method of monitoring traffic allows attackers to gather sensitive information, such as login credentials and other data, which can be used to exploit the system further. BPFdoor’s ability to run so low that it bypasses firewall limitations makes it an effective tool for attackers.

BPFdoor’s Ability to Bypass Firewall Limitations

BPFdoor’s ability to bypass firewall limitations is one of its most powerful features. This feature makes it incredibly difficult to detect and block by firewalls, allowing attackers to enter the system undetected and operate with anonymity. BPFdoor’s ability to remain hidden and undetected for prolonged periods makes it a serious threat to any organization.

In conclusion, the discovery of a new variant of BPFdoor and its continued use by Red Menshen highlights the urgent need for organizations to prepare themselves against such threats. BPFdoor’s unique design, including its use of BPF, packet sniffing, and its ability to bypass firewall limitations, makes it one of the most challenging malware to detect and block. Organizations that ignore these threats may face significant damages and data breaches. It is essential to remain vigilant and adopt a multi-layered security approach to mitigate the risks posed by BPFdoor and other similar malware.

Explore more

Trend Analysis: Shadow IT and Generative AI

In the midst of a rapidly evolving digital landscape, the rise of shadow IT coupled with the advent of generative AI presents a formidable challenge for modern organizations. Shadow IT involves the use of unapproved technologies within a company, while generative AI encompasses a new breed of intelligent tools capable of generating content, making predictions, and performing tasks previously reserved

Trend Analysis: AI-Powered Customer Data Platforms

In an era where consumer expectations continue to evolve at an unprecedented pace, businesses strive to adapt through innovative technologies. One such advancement gaining momentum involves AI-powered customer data platforms. These platforms have emerged as pivotal tools in helping businesses efficiently manage and leverage their customer data. This article explores the growth, applications, and future of these transformative platforms, supported

Trend Analysis: Digital Transformation in Private Funds

In a rapidly changing financial landscape, businesses are racing to harness digital technologies. The digital transformation of private funds is under close scrutiny as it reshapes the fund management process and enhances investor satisfaction. At the forefront of this shift is the recent partnership between Endava and Goji, which promises to redefine how private fund managers integrate digital solutions. This

Google Faces Legal Pressure Over AI Use of News Content

A growing controversy surrounding Google’s AI technology has sparked a series of legal challenges from independent content creators in the UK and EU. These legal actions target Google’s practice of using news content in its AI-generated summaries, a process that limits publishers’ ability to opt-out without sacrificing their presence in Google’s search results. This ongoing legal struggle indicates a broader

Trend Analysis: Floating Data Centers

In a world where data generation is increasing exponentially, the search for efficient and innovative data storage solutions becomes paramount. One solution gaining attention is the concept of floating data centers—an intriguing blend of maritime technology and cutting-edge digital infrastructure. With digital data doubling every few years, these floating installations offer a unique opportunity to meet escalating demands with a