The stealthy rootkit-like malware known as BPFDoor (detected as Backdoor.Linux.BPFDOOR) is a backdoor with strong stealth capabilities, most of them related to its use of Berkeley Packet Filtering (BPF). In a previous article, Trend Micro researchers covered how BPFDoor and BPF-enabled malware work.
BPFDoor has been active for at least four years, with a report by PwC mentioning multiple incidents involving it in 2021. The same report also attributed the backdoor to Red Menshen. The said advanced persistent threat (APT) group, which Trend Micro tracks as Earth Bluecrow, is still actively targeting companies in the Asia, Middle East, and Africa (AMEA) region according to their telemetry.
Read more…
Source: Trend Micro
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- FIN6 returns to attack retailer point of sale systems in US, Europe
September 5, 2018
A new malware campaign has been detected which is targeting point-of-sale (PoS) systems across the United States and Europe. On Wednesday, researchers from IBM X-Force IRIS said the attacks have been attributed to the FIN6 cybercriminal group. This is only the second time that a campaign has been documented which appears to be the handiwork of FIN6. According to FireEye (.PDF), ...
- New Silence hacking group suspected of having ties to cyber-security industry
September 5, 2018
At least one member of a newly uncovered cybercrime hacking group appears to be a former or current employee of a cyber-security company, according to a new report released today. The report, published by Moscow-based cyber-security firm Group-IB, breaks down the activity of a previously unreported cyber-criminal group named Silence. According to Group-IB, the group has spent the ...
- Cybersecurity researchers double SCADA vulnerability finds
September 3, 2018
Independent cybersecurity researchers found nearly double the number of vulnerabilities in supervisory control and data acquisition (SCADA) systems in the first six months of 2018 as they did in the first half of 2017, according to a new report by Japanese multinational Trend Micro, amid rising concerns about infrastructure security. The 202 holes spotted in such ...
- Attackers Abuse WMIC to Download Malicious Files
August 30, 2018
Malware authors use WMIC and a host of other legitimate tools to deliver information-stealing malware, highlighting the continued use of living off the land tactics. We recently observed malware authors using a combination of a tool found on all Windows computers and a usually innocuous file type associated with modifying and rendering XML documents. While these ...
- How hackers managed to steal $13.5 million in Cosmos bank heist
August 27, 2018
Earlier this month, reports surfaced which suggested that Cosmos Bank, India’s oldest at 112 years old, had become the victim of a cyberattack which left the institution millions out of pocket. The attack reportedly took place in two stages been August 10 – 13. According to the Hindustan Times, malware was used on the bank’s ATM server ...
- macOS users targeted by new Lazarus attack
August 23, 2018
If you’re into cryptocurrency trading, you might want to pay attention, because a new malware is making rounds that’s stealing people’s money from crypto exchanges. And no, macOS is not safe either, there’s a version for Apple’s operating system, as well. Kaspersky Lab’s researchers from the Global Research and Analysis Team (GReAT) announced they discovered malware dubbed AppleJeus. In ...