Martin Cracauer via plug on 4 Aug 2025 13:11:27 -0700



Re: [PLUG] 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft


jeffv via plug wrote on Mon, Aug 04, 2025 at 09:44:46AM -0400: 
> New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent
> Credential Theft
> 
> https://thehackernews.com/2025/08/new-plague-pam-backdoor-exposes.html
> 
> "The implant is built as a malicious PAM (Pluggable Authentication Module),
> enabling attackers to silently bypass system authentication and gain
> persistent SSH access," Nextron Systems researcher Pierre-Henri Pezier said.

That sounds like something easily detected by a rkhunter type of scan.
Pretty lame. 

Not to mention it is just a payload and nobody has pointed out
currently running exploits for it.

Martin
-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@cons.org>   http://www.cons.org/cracauer/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug