
New Linux Backdoor 'Plague' Exploits PAM for Persistent SSH Access
Cybersecurity researchers have uncovered a new Linux backdoor named Plague, which has evaded detection for a year. The implant is integrated as a malicious PAM (Pluggable Authentication Module), allowing attackers to silently bypass system authentication and obtain persistent SSH access. According to Pierre-Henri Pezier, a researcher at Nextron Systems, this method exposes critical Linux systems to silent credential theft. The stealthiness of Plague underscores the need for robust monitoring and detection mechanisms. Organizations should regularly audit PAM modules, enhance detection mechanisms, and implement strong credential management practices. The discovery of Plague highlights the evolving sophistication of backdoors and the necessity for advanced threat detection strategies in Linux environments.
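One way to carry out the PAM module audit recommended above, shown as an added example (not code from Nextron Systems or the original report): it parses an `/etc/pam.d`-style service file and flags modules that are loaded from outside the standard module directories or are missing from a known-good baseline. The sample config, the baseline set and the directory list are constructed assumptions; adjust them to the distribution being audited.

```python
import re

# Assumed standard PAM module directories; these vary by distribution.
STANDARD_DIRS = ("/lib/security", "/lib64/security", "/usr/lib/security",
                 "/usr/lib64/security", "/lib/x86_64-linux-gnu/security",
                 "/usr/lib/x86_64-linux-gnu/security")

# Constructed sample of a service file in /etc/pam.d format:
#   type  control  module-path  [arguments]
SAMPLE_SSHD = """\
# /etc/pam.d/sshd (constructed sample)
@include common-auth
auth       required     pam_env.so
auth       [success=1 default=ignore] pam_unix.so nullok
auth       sufficient   /opt/example/pam_example.so   # constructed anomaly
-session   optional     pam_systemd.so
account    include      common-account
session    optional     pam_motd.so noupdate
"""
# Constructed baseline: module names expected on this (hypothetical) host.
BASELINE = {"pam_env.so", "pam_unix.so", "pam_systemd.so"}

def referenced_modules(config_text):
    """Yield (line_no, module_path) for every module the service file loads."""
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("@include"):
            continue
        # Collapse a bracketed control such as [success=1 default=ignore]
        # so its inner spaces do not shift the module field.
        line = re.sub(r"\[[^\]]*\]", "CTRL", line, count=1)
        fields = line.split()
        # 'include' / 'substack' name another service file, not a module.
        if len(fields) >= 3 and fields[1] not in ("include", "substack"):
            yield no, fields[2]

def audit(config_text, baseline):
    """Return (line_no, module, reason) for each module that needs review."""
    findings = []
    for no, mod in referenced_modules(config_text):
        directory, _, name = mod.rpartition("/")
        if directory and directory not in STANDARD_DIRS:
            findings.append((no, mod, "loaded from non-standard directory"))
        elif name not in baseline:
            findings.append((no, mod, "not in baseline"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD, BASELINE):
        print("line %d: %s (%s)" % finding)
```

A flagged module is a lead for review, not a verdict: confirm it against the package manager's file ownership and checksum records before drawing conclusions.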