Stealthy GTPDOOR Linux malware targets mobile operator networks

March 4, 2024 at 02:08AM

Security researcher HaxRob discovered a new Linux backdoor named GTPDOOR, targeting mobile carrier networks with a focus on GRX components. This tool, attributed to the ‘LightBasin’ threat group, can covertly communicate over the GPRS Tunnelling Protocol Control Plane, bypassing traditional security solutions. The backdoor’s capabilities and detection strategies are detailed, along …

GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks

February 29, 2024 at 07:09AM

Threat hunters discovered a new Linux malware, GTPDOOR, designed for telecom networks near GPRS roaming exchanges. It uses the GPRS Tunnelling Protocol for command-and-control communication. The backdoor is linked to the known threat actor LightBasin, which targets the telecom sector for subscriber information theft. GTPDOOR allows contacting a compromised host and executing commands. …