Attackers Exploit Solaris Vulnerability To Install BPFDoor Malware

May 26, 2022

Threat actors are exploiting an old Solaris vulnerability to install BPFDoor malware.

The malicious software was discovered by researchers at PricewaterhouseCoopers (PwC) and linked to a China-based threat actor tracked as Red Menshen.

BPFDoor is a custom backdoor that has been in use for the last 5 years. It cannot be stopped by firewalls, it can work without opening any ports and does not require a command and control server as it can receive commands from any IP address on the web.

According to CrowdStrike, attackers are targeting Linux and Solaris systems that use the custom-built BPFDoor implant on telecommunications providers to steal personal user data.

The researchers pointed out that detecting BPFDoor/JustForFun implants on a Linux system can be very difficult, as the threat actors modifies existing SysVinit scripts on the host to achieve persistence. Therefore, reviewing the lines of code in SysVinit scripts is unlikely to reveal the reference to the implant.

The sources for this piece include an article in BleepingComputer.

Top Stories

Related Articles

June 26, 2026 Ford Motor Co. turned to veteran engineers to tackle persistent vehicle quality problems after finding that artificial more...

June 26, 2026 Meta's chief technology officer says employee morale has fallen to one of the lowest levels in the more...

June 26, 2026 Memory chip maker Micron says it has signed 16 long-term strategic customer agreements that include price floors more...

June 26, 2026 IBM says it has developed the world's first functional sub-1 nanometre computer chip, marking what the company more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn