New “Plague” PAM-Based Backdoor for Linux Bypasses Authentication to Gain SSH Access
Researchers have discovered new, previously undetected Linux malware dubbed “Plague”, described as a malicious Pluggable Authentication Module (PAM) that enables attackers to silently bypass system authentication and gain persistent SSH access.
More details here: https://www.nextron-systems.com/2025/08/01/plague-a-newly-discovered-pam-based-backdoor-for-linux/
Roger Grimes, data-driven defense evangelist at KnowBe4, commented:
“Don’t let any media or vendor try to equate “stealthy” with undetectable. Nothing is further from the truth. It’s only stealthy and less detectable if you aren’t really looking in the first place. It pays to be nosy all the time.
“It still takes another initial exploit to get the PAM installed in the first place. An attacker isn’t walking up to your rightly configured Linux box and installing a brand new, unauthorized PAM. There has to be another previous exploit they took advantage of – social engineering, unpatched software, overly permissive permissions, etc. It doesn’t just happen. And given that prior constant, that there had to be another previous vulnerability that was taken advantage of and allowed an unauthorized person to install a rogue PAM, what can’t they do? A rogue PAM is just the start of your worries.”
This underscores the need to ensure that your systems, regardless of OS, are locked down, fully patched, and audited on a regular basis so that you spot threats like these before they can do any real damage.
This entry was posted on August 4, 2025 at 3:34 pm and is filed under Commentary with tags Hacked.