
New Linux Backdoor 'Plague' Bypasses Authentication via Malicious PAM Module
Researchers at Nextron Systems have discovered a new Linux backdoor named Plague. The backdoor takes the form of a malicious Pluggable Authentication Module (PAM), allowing attackers to bypass authentication and maintain persistent SSH access to compromised systems. PAM modules are integral to Linux authentication, which makes this a particularly stealthy and dangerous threat. By masquerading as a legitimate PAM module, Plague can evade detection by traditional security measures and grant attackers continuous access even if other vulnerabilities are patched.

This discovery underscores the growing trend of attackers targeting fundamental security mechanisms. Cybersecurity professionals must prioritize the integrity of authentication processes by conducting regular audits and integrity checks of PAM modules and other critical system components. Monitoring for unusual SSH access patterns is also crucial for detecting such threats. The emergence of Plague highlights the need for heightened vigilance and robust security measures to protect against sophisticated attacks that bypass traditional authentication controls.
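One way to run the PAM module integrity check recommended above, as an added example that is not from Nextron Systems or the original article. It assumes a known-good baseline of SHA-256 hashes built from a trusted install or package metadata; the function names, the sample sshd file and the path /opt/constructed/pam_example.so are constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

PAM_TYPES = {"auth", "account", "password", "session"}
# Matches "type control module [args]"; control may be a bracketed list.
LINE_RE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
# Constructed sample of an /etc/pam.d service file (not taken from a real host).
SAMPLE_SSHD = """\
auth required pam_unix.so
auth [success=1 default=ignore] /opt/constructed/pam_example.so
@include common-auth
auth include system-auth
-session optional pam_systemd.so  # optional module
"""

def referenced_modules(config_text):
    """Return the module names/paths that a PAM service file loads."""
    modules = set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = LINE_RE.match(line)
        if not m or m.group(1) not in PAM_TYPES:
            continue  # blank line, comment, or Debian-style "@include"
        if m.group(2) in ("include", "substack"):
            continue  # third field names another service file, not a module
        modules.add(m.group(3))
    return modules

def audit(module_dir, configs, baseline):
    """Check installed and referenced modules against baseline {name: sha256}."""
    module_dir = Path(module_dir)
    findings = []
    for so in sorted(module_dir.glob("*.so")):
        expected = baseline.get(so.name)
        if expected is None:
            findings.append(("unknown-module", so.name))
        elif hashlib.sha256(so.read_bytes()).hexdigest() != expected:
            findings.append(("hash-mismatch", so.name))
    for name, text in sorted(configs.items()):
        for mod in sorted(referenced_modules(text)):
            p = Path(mod)
            if p.is_absolute() and p.parent != module_dir:
                findings.append(("outside-module-dir", f"{name}: {mod}"))
            elif p.name not in baseline:
                findings.append(("unbaselined-reference", f"{name}: {mod}"))
    return findings
```

On a real host, `module_dir` is the distribution's PAM module directory (for example /usr/lib64/security or /lib/x86_64-linux-gnu/security) and `configs` holds the contents of the files under /etc/pam.d.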