Attackers Exploit Solaris Vulnerability To Install BPFDoor Malware

Threat actors are exploiting an old Solaris vulnerability to install BPFDoor malware.

The malicious software was discovered by researchers at PricewaterhouseCoopers (PwC) and linked to a China-based threat actor tracked as Red Menshen.

BPFDoor is a custom backdoor that has been in use for the last 5 years. It cannot be stopped by firewalls, it can work without opening any ports and does not require a command and control server as it can receive commands from any IP address on the web.

According to CrowdStrike, attackers are targeting Linux and Solaris systems that use the custom-built BPFDoor implant on telecommunications providers to steal personal user data.

The researchers pointed out that detecting BPFDoor/JustForFun implants on a Linux system can be very difficult, as the threat actors modifies existing SysVinit scripts on the host to achieve persistence. Therefore, reviewing the lines of code in SysVinit scripts is unlikely to reveal the reference to the implant.

The sources for this piece include an article in BleepingComputer.

Attackers Exploit Solaris Vulnerability To Install BPFDoor Malware

Top Stories

AI tool is flagging pancreatic cancer early in China

Top 10 predictions for information technology developments in 2026

Meta buys agentic AI startup Manus to boost consumer AI push

AST SpaceMobile launches largest satellite ever, challenging Starlink with direct-to-phone 5G

SoftBank sells remaining Nvidia stake to fund $22.5B OpenAI commitment

What a year this has been.

Related Articles

Drivers complain in-car ads are becoming a road hazard

Meta buys agentic AI startup Manus to boost consumer AI push

AST SpaceMobile launches largest satellite ever, challenging Starlink with direct-to-phone 5G

Microsoft engineer sparks debate with goal to eliminate C and C++ by 2030

TND Newsdesk

TND Newsdesk

Jim Love

Follow Us

Popular categories

Tech News Delivered