SoylentNews is people

Plague: A Newly Discovered PAM-Based Backdoor for Linux

Accepted submission by Anonymous Coward at 2025-08-05 05:26:10
Security

by Pierre-Henri Pezier | Aug 1, 2025

As part of our ongoing threat hunting efforts, we identified a stealthy Linux backdoor that appears to have gone publicly unnoticed so far. We named it Plague. The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access.

What caught our attention: although several variants of this backdoor have been uploaded to VirusTotal over the past year, not a single antivirus engine flags them as malicious (see screenshot). To our knowledge, there are no public reports or detection rules available for this threat, suggesting that it has quietly evaded detection across multiple environments. [...]

Article continues @: https://www.nextron-systems.com/2025/08/01/plague-a-newly-discovered-pam-based-backdoor-for-linux/ [nextron-systems.com]
Article archived @: https://archive.ph/gzh9Z [archive.ph]
Article referenced @: https://www.bleepingcomputer.com/news/security/new-plague-malware-backdoors-linux-devices-removes-ssh-session-traces/ [bleepingcomputer.com]

