Rootkits

Advanced rootkits BPFDoor and Symbiote are targeting Linux-based servers and network appliances by exploiting BPF and eBPF filters to conceal command-and-control traffic. In 2025, researchers detected 151 new BPFDoor samples and three Symbiote samples, highlighting ongoing evolution of these threats. These malware families enable stealthy remote access, evading traditional firewalls and detection tools.