LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNULinux rootkit dubbed LinkPro. "This backdoor features functionalities relying on the installation of two eBPF extended Berkeley Packet Filter modules,"