New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

/in

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called “darkworm.”
The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination.

The Hacker News – ​Read More

One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity RiskOne Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity RiskPolish Security Agency Reports ICS Breaches at Five Water Treatment Plants