Researchers have uncovered a new Linux backdoor named Plague that disguises itself as a PAM module to covertly bypass authentication and maintain persistent SSH access. This sophisticated malware employs advanced obfuscation, anti-debugging, and session cleansing techniques to evade detection.
Key points
- The Plague backdoor is hidden as a malicious PAM module on Linux systems.
- It features multi-layered string obfuscation, including XOR encryption and DRBG layers, to evade analysis.
- Advanced anti-debugging techniques are used, such as environment checks and session sanitization.
- The malware maintains stealth by erasing session artifacts and disguising its presence.
- Its attribution remains unknown, but hints of hacker references suggest a covert threat actor.
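
Because the backdoor sits in the PAM stack, one defensive check is to list every module the PAM service files load and compare it against what the distribution's packages installed. The following is an added example, not code from the researchers or from the malware: the baseline set, the directory list, the sample file and the module names `pam_helper.so` and `pam_audit_ext.so` are all constructed for illustration.

```python
import re

# Assumption: file names of PAM modules expected on this host, for example
# collected from the package manager's file lists. Constructed for this example.
BASELINE = {"pam_unix.so", "pam_env.so", "pam_deny.so", "pam_permit.so", "pam_systemd.so"}
# Assumption: directories where distribution packages install PAM modules.
MODULE_DIRS = ("/lib/security/", "/lib64/security/", "/usr/lib/security/",
               "/usr/lib64/security/", "/lib/x86_64-linux-gnu/security/")

# Constructed sample in the format of a file under /etc/pam.d/, not from a real host.
SAMPLE = """\
# PAM configuration for sshd (constructed sample)
@include common-auth
auth       required     pam_env.so
auth       [success=1 default=ignore]  pam_unix.so nullok
auth       sufficient   /usr/local/lib/pam_helper.so
-session   optional     pam_systemd.so
session    include      system-auth
account    required     pam_audit_ext.so debug
"""

# type, control (keyword or bracketed value=action list), module path
LINE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def referenced_modules(text):
    """Yield (line_no, module_path) for each module a PAM service file loads."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = LINE.match(line)
        if not m:
            continue  # blank line, comment, or @include directive
        control, module = m.group(2), m.group(3)
        if control in ("include", "substack"):
            continue  # third field names another service file, not a module
        yield no, module

def audit(text, baseline=BASELINE, module_dirs=MODULE_DIRS):
    """Return (line_no, module, reason) for modules that need a closer look."""
    findings = []
    for no, module in referenced_modules(text):
        name = module.rsplit("/", 1)[-1]
        if module.startswith("/") and not module.startswith(module_dirs):
            findings.append((no, module, "loaded from non-standard directory"))
        elif name not in baseline:
            findings.append((no, module, "not in package baseline"))
    return findings
```

A module that replaces a baseline file under its own name passes this check, so the files themselves should also be compared against package checksums (for example with `rpm -V` or `dpkg --verify`).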