22.Lock ScreenEffect Esm W900

Experts have recently discovered an upgraded version of the BPFDoor malware for Linux(opens in new tab), that’s seemingly harder to spot - and aAs a result, no antivirus programs are still flagging the executable as malicious.

Cybersecurity researchers from Deep Instinct noted that BPFDoor, which was first discovered in 2022, has been active since at least 2017. The tool got its name from the (ab)use of the Berkley Packet Filter (BPF), which it uses to get instructions and bypass any firewalls. 

Its design allows the threat actors to remain undetected on a compromised Linux system for longer periods of time, it was said. BPFDoor’s key feature is allowing threat actors to see all network traffic and find vulnerabilities, as well as sending out remote code through (now) unfiltered and unblocked channels.