PRISM is an user space stealth reverse shell backdoor.
It can works in two different ways:
Using this operation mode the backdoor waits silently in background for a specific ICMP packet containing the host/port to connect back and a private key to prevent third party access.
Using this operation mode the backdoor try to connects to an hard-coded IP/PORT.
- Two operating modes (ICMP and STATIC)
- Runtime process renaming
- No listening ports
- Automatic iptables rules flushing
- Written in pure C
- No library dependencies