A novel backdoor tailored for covert access over the roaming exchange
released on 2024-03-04 @ 09:34:57 PM
GTPDOOR is Linux malware that communicates C2 traffic over GTP-C signalling messages, blending in with normal telco traffic. It can execute commands sent in GTP echo requests and probe hosts covertly via TCP packets. Versions target x86 and i386 architectures.