Stealthy Nation-State BPFDoor
released on 2022-08-02 @ 08:59:55 AM
BPFDoor is a Linux/Unix backdoor that lets threat actors remotely connect to a shell on a compromised device and gain complete access to it. It supports multiple protocols for communicating with a command-and-control (C2) server, including TCP, UDP, and ICMP. It notably relies on Berkeley Packet Filters (BPF), along with several other techniques, to achieve these goals. BPF is a kernel hooking mechanism that allows a user-space program to attach a network filter to a socket; the filter then decides, packet by packet, which types of data are passed through that socket to the program and which are dropped.
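Because the filter that BPFDoor relies on has to be attached to a socket, one quick host triage step is to enumerate packet sockets and work out which processes own them. The script below is an added defender-side example, not code from the original article or from the malware; it assumes the listener is a raw AF_PACKET socket (a typical shape for a sniffer-style listener, stated here as an assumption), the `/proc/net/packet` sample it parses is constructed, and resolving an inode to a PID needs root to see other users' file descriptors.

```python
import glob
import os

# Constructed sample of /proc/net/packet (header plus two sockets).
# Columns: sk RefCnt Type Proto Iface R Rmem User Inode
# Type 3 = SOCK_RAW, Proto 0003 = ETH_P_ALL (every frame), Iface 0 = all interfaces.
SAMPLE_PROC_NET_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9c6a12345000 3      3    0003   0     1 0      0      45123
ffff9c6a12345600 3      3    0800   2     1 0      0      45900
"""

ETH_P_ALL = 0x0003
SOCK_RAW = 3

def parse_packet_sockets(text):
    """Parse /proc/net/packet text into one dict per AF_PACKET socket."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        fields = line.split()
        if len(fields) < 9:
            continue
        rows.append({
            "type": int(fields[2]),             # 2 = SOCK_DGRAM, 3 = SOCK_RAW
            "proto": int(fields[3], 16),        # ethertype, printed in hex
            "iface": int(fields[4]),            # ifindex, 0 = any interface
            "running": fields[5] == "1",
            "uid": int(fields[7]),
            "inode": int(fields[8]),
        })
    return rows

def suspicious_sockets(rows):
    """Raw sockets bound to every ethertype on every interface: a sniffer shape.
    Legitimate tools (tcpdump, some DHCP clients) open these too, so the result
    is a triage list, not a verdict."""
    return [r for r in rows
            if r["type"] == SOCK_RAW and r["proto"] == ETH_P_ALL and r["iface"] == 0]

def inode_to_pids(inode):
    """Resolve a socket inode to owning PIDs by scanning /proc/*/fd (root needed)."""
    target = f"socket:[{inode}]"
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split("/")[2]))
        except OSError:                         # process exited or not ours
            continue
    return sorted(pids)

if __name__ == "__main__":
    # On a live host, replace the constructed sample with open("/proc/net/packet").read().
    for r in suspicious_sockets(parse_packet_sockets(SAMPLE_PROC_NET_PACKET)):
        print(f"raw ETH_P_ALL socket inode={r['inode']} uid={r['uid']} "
              f"pids={inode_to_pids(r['inode'])}")
```

As a cross-check, `ss -0pb` lists packet sockets with their owning process and dumps any attached classic BPF filter bytecode, which is the artifact the triage above is looking for.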