A novel backdoor tailored for covert access over the roaming exchange
GTPDOOR is Linux malware that communicates C2 traffic over GTP-C signalling messages blending in with normal telco traffic. It can execute commands sent in GTP echo requests and probe hosts covertly via TCP packets. Versions target x86 and i386 architectures.