<ciso brief/>
Tag Banner

All news with #rootkit tag

all tags →

Thu, October 16, 2025

LinkPro Rootkit Uses eBPF and Magic TCP Packets to Hide

#Backdoor #Rootkit #eBPF #C2 #Kubernetes #Docker #AWS #Vulnerability

🔒 An AWS-hosted compromise revealed a new GNU/Linux rootkit dubbed LinkPro, discovered by Synacktiv. Attackers leveraged an exposed Jenkins server vulnerable to CVE-2024-23897 and deployed a malicious Docker image (kvlnt/vv) to Kubernetes clusters, delivering a VPN/proxy (vnt), a Rust downloader (vGet) and vShell backdoors. LinkPro relies on two eBPF modules—Hide and Knock—to conceal processes and activate via a magic TCP packet, with a user-space fallback via /etc/ld.so.preload when kernel support is missing.

read more →