A newly discovered VPN backdoor malware gains access to a network and then lies dormant until it receives an encoded “magic packet”.
The magic packet, which is embedded in TCP traffic, triggers the backdoor to issue a challenge, in the form of a piece of encrypted text, to the device that sent it.
The device must then respond correctly, which requires access to a related secret key; a correct response proves it is not a security probe and grants access to the network.
The backdoor resides only in the VPN’s memory, which makes it harder to detect and allows it to bypass security and gain access to a network, potentially unnoticed.
The malware has so far been identified on 36 corporate VPNs running Juniper Networks’ Junos OS, but it is currently unclear how the backdoor is being installed.