Verticals Targeted: None yet. Regions Targeted: None yet. Related Families: None.| PolySwarm Main Blog
Verticals Targeted: Not specified. Regions Targeted: Not specified. Related Families: Snowlight dropper. Executive Summary: VShell is a sophisticated Go-based backdoor targeting Linux systems through a novel infection chain that weaponizes filenames in RAR archives. This malware, linked to Chinese APT groups, exploits common shell scripting practices to execute malicious Bash payloads, delivering a stealthy, memory-resident backdoor capable of remote control, file operations, and network tunneling.| PolySwarm Main Blog
An exceptionally stealthy technique to hide files and masquerade processes on Linux systems| haxrob
The venerable BPFDoor malware has once again found itself in the media spotlight. Recent variants avoid existing detections, so we will take a look at samples found in a significant telecommunications provider breach in April 2025. 💡 Recommended for prior reading: Trend Micro (2025), Sandfly Security (2022), Elastic (2022).| haxrob
An exploration into the archeological roots of the BPFDoor Linux malware.| haxrob