GTPDOOR, a new Linux malware, targets telecom networks adjacent to GPRS roaming exchanges (GRX) and uses the GPRS Tunnelling Protocol (GTP) for C2 communications. Discovered by security researcher haxrob, it is likely linked to LightBasin (UNC1945), a group known for telecom attacks. GTPDOOR masquerades as a syslog process and uses raw sockets to receive UDP messages. It covertly executes commands delivered in GTP-C Echo Request messages, and it responds to external probes with crafted TCP packets.
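A triage check for the GTP-C channel described above, as an added example that is not taken from the researcher's analysis or from the malware: it parses the GTPv1 header of a UDP payload and flags Echo Requests that carry data beyond the header. The heuristic is an assumption based on 3GPP TS 29.060, where an Echo Request defines only an optional Private Extension element, so a legitimate Private Extension will also be flagged for review; the function names and sample bytes are constructed for illustration.

```python
import struct

GTPC_PORT = 2123   # UDP port for GTP-C; filter captures on this before parsing
ECHO_REQUEST = 1   # GTPv1 message type for Echo Request (3GPP TS 29.060)


def inspect_gtpc(payload: bytes) -> dict:
    """Parse a GTPv1 header from a UDP payload and flag Echo Requests with extra data."""
    if len(payload) < 8:
        return {"valid": False, "reason": "shorter than the 8-byte GTP header"}
    flags, msg_type, length, teid = struct.unpack("!BBHI", payload[:8])
    version = flags >> 5
    if version != 1:
        return {"valid": False, "reason": f"not GTPv1 (version {version})"}
    # If any of E, S or PN is set, 4 optional bytes follow the TEID
    # (sequence number, N-PDU number, next extension header type).
    opt_len = 4 if flags & 0x07 else 0
    if length < opt_len or 8 + length > len(payload):
        return {"valid": False, "reason": "length field inconsistent with datagram"}
    ie_bytes = length - opt_len              # information-element bytes declared
    trailing = len(payload) - (8 + length)   # bytes past the declared length
    # Assumed heuristic: an Echo Request normally carries no element data at all.
    suspicious = msg_type == ECHO_REQUEST and (ie_bytes > 0 or trailing > 0)
    return {"valid": True, "msg_type": msg_type, "teid": teid,
            "ie_bytes": ie_bytes, "trailing": trailing, "suspicious": suspicious}


# Constructed samples (not captured traffic): a plain Echo Request with only a
# sequence number, and one with 32 bytes of opaque filler after the header.
BENIGN_ECHO = bytes.fromhex("3201000400000000" "00010000")
PADDED_ECHO = bytes.fromhex("3201002400000000" "00020000") + b"\xaa" * 32


def triage(samples):
    """Return the names of samples that should be reviewed by an analyst."""
    return [name for name, data in samples if inspect_gtpc(data).get("suspicious")]


if __name__ == "__main__":
    for name, data in [("benign", BENIGN_ECHO), ("padded", PADDED_ECHO)]:
        print(name, inspect_gtpc(data))
```

Because the implant reads traffic through raw sockets, this check belongs on a network sensor or border tap rather than on host firewall logs.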