A new Linux malware called “Plague” has been detected, exploiting core authentication mechanisms to maintain stealth and persistence while evading detection for over a year. It uses layered obfuscation, environment tampering, and anti-debugging techniques to hide its activity, making it extremely hard to detect with traditional security tools. #Plague #LinuxMalware
Key points
- The “Plague” malware utilizes a malicious PAM module to gain persistent SSH access on Linux systems.
- It employs advanced obfuscation, such as string obfuscation and environment tampering, to avoid detection.
- The malware sanitizes the environment by unsetting SSH variables and redirecting command history logs to erase traces.
- Multiple variants have been uploaded to VirusTotal without being flagged, indicating advanced stealth techniques.
- Its design points to sustained, long-term development, with the malware integrated deeply into the system’s authentication stack.
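A defender-side check for the first key point, added here as an example rather than code from the article or from any analysis of the malware: it parses pam.d-style configuration text and flags every module reference whose name is not in a known baseline, which is how a rogue PAM module surfaces during a hunt. The file contents, the baseline set and the pam_example_rogue.so name are constructed placeholders, and the baseline would in practice be built from the package manager.

```python
"""Audit PAM configuration for module references outside a known baseline."""
import os
import re
from typing import Dict, List, Tuple

# Assumption: baseline of modules the host is expected to load. In practice
# derive it from package ownership (e.g. dpkg -S / rpm -qf on the security dir).
KNOWN_MODULES = {"pam_unix.so", "pam_deny.so", "pam_permit.so", "pam_env.so",
                 "pam_limits.so", "pam_sss.so", "pam_systemd.so", "pam_motd.so"}

# pam.d line format: [-]type control module [args]; control may be a
# bracketed field such as "[success=1 default=ignore]".
LINE_RE = re.compile(r"^-?(?P<type>auth|account|password|session)\s+"
                     r"(?P<control>\[[^\]]*\]|\S+)\s+(?P<module>\S+)(?P<args>.*)$")


def parse_pam_modules(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, type, module) for each module line; skips comments/@include."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("@include"):
            continue
        m = LINE_RE.match(line)
        if m:
            out.append((n, m.group("type"), m.group("module")))
    return out


def find_unknown_modules(files: Dict[str, str], known=KNOWN_MODULES):
    """Flag (file, line_no, type, module) entries whose basename is not in the baseline."""
    findings = []
    for path, text in files.items():
        for line_no, ptype, module in parse_pam_modules(text):
            if os.path.basename(module) not in known:
                findings.append((path, line_no, ptype, module))
    return findings


# Constructed sample input, not a real host's configuration.
SAMPLE_FILES = {
    "/etc/pam.d/common-auth": "\n".join([
        "# constructed sample",
        "auth    [success=1 default=ignore]  pam_unix.so nullok",
        "auth    requisite                   pam_deny.so",
        "auth    required                    pam_permit.so",
    ]),
    "/etc/pam.d/sshd": "\n".join([
        "@include common-auth",
        "auth    sufficient  /lib/security/pam_example_rogue.so  # placeholder rogue entry",
        "session optional    pam_motd.so",
        "-session optional   pam_systemd.so",
    ]),
}

if __name__ == "__main__":
    for finding in find_unknown_modules(SAMPLE_FILES):
        print("unknown PAM module:", finding)
```

To audit a live host, build `files` by reading every entry under /etc/pam.d and feed the package manager's list of installed modules in as `known`.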