Bleeping Computer wrote an extensive article covering the evasive BPFDoor malware found on many Linux systems globally:

BPFDoor: Stealthy Linux malware bypasses firewalls for remote access

The article discusses the background of discovery by researchers with technical details provided by Sandfly Security.

Although the backdoor is evasive, it is in fact easily found if you are looking for it. Sandfly can find this malware without any updates (and likely since 1.0 of our product). Our customers will get very clear alerts it is running when in the waiting and active backdoor operating states. Please see our full technical write-up for more details:

BPFDoor - An Evasive Linux Backdoor Technical Analysis