LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

Updated on October 16, 2025

An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv.
“This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the other hand to be remotely…

Read the rest of the story at Read More

Source: The Hacker News

October 10, 2025 Uncategorized

CL0P-Linked Hackers Breach Dozens of Org...

September 23, 2024 Uncategorized

Discord Introduces DAVE Protocol for End...

March 26, 2025 Uncategorized

LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

Related posts

CL0P-Linked Hackers Breach Dozens of Org...

Discord Introduces DAVE Protocol for End...

How PAM Mitigates Insider Threats: Preve...

Leave a Comment Cancel reply

Recent News

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide