New Linux Backdoor PamDOORa Discovered

Cybersecurity researchers disclosed a new Linux backdoor named PamDOORa, advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor identified as "darkworm". The backdoor functions as a PAM (Pluggable Authentication Module)-based post-exploitation toolkit, enabling persistent SSH access through a magic password and a specific TCP port combination. No specific victim details, exploitation timelines, or CVE identifiers were mentioned in the disclosure. The toolkit is designed to steal SSH credentials by leveraging compromised PAM modules. The report originates from The Hacker News without additional technical indicators or mitigation steps provided.