New BPFDoor Malware Variants Target Telecom Networks

New BPFDoor Malware Variants Target Telecom Networks

First seen 8 Apr 2026, 23:14 UTC GbhackersScworld 76% similarity 67.5

Article Content

Browse articles
ThreatCluster

Seven new variants of the BPFDoor malware have been identified, enhancing stealth in compromising major telecommunication networks. These variants utilize stateless command-and-control (C2) routing and employ techniques such as HTTP traffic concealment and ICMP tunneling to evade detection. The most notable variants include httpShell, which hides C2 within HTTP traffic, and icmpShell, which creates interactive shells while bypassing firewall rules. Other variants, such as the 'H' variant, utilize NTP-themed domain resolution for encrypted session establishment. Organizations are advised to monitor for unusual BPF filters and structural anomalies in network traffic to prevent potential breaches. The findings were reported by Rapid7 and highlight the growing sophistication of malware targeting critical infrastructure.

Key Points: • Seven new BPFDoor variants enhance stealth in telecom network compromises. • Key variants include httpShell and icmpShell, using advanced evasion techniques. • Organizations must monitor BPF filters and network anomalies to prevent breaches.

ThreatCluster AI

Timeline

2026-04-07
Gbhackers reports on new BPFDoor variants.
2026-04-08
Scworld publishes findings on BPFDoor malware.

Community

Browse all →