LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
16 October 2025
An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv.
"This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the other hand to be remotely