3 matches found
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
An investigation into the compromise of an Amazon Web Services AWS-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro , according to findings from Synacktiv. "This backdoor features functionalities relying on the installation of two eBPF extended Berkeley...
New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using "Magic Packets"
A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet. "The Syslogk rootkit is heavily based on Adore-Ng but incorporates new...
Trixd00r v0.0.1 - An Invisible TCP/IP based backdoor for UNIX systems
Trixd00r v0.0.1 - An Invisible TCP/IP based backdoor for UNIX systems NullSecurity Team Releases "Trixd00r v0.0.1" an advanced and invisible TCP/IP based userlandbackdoor for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magi...