
August 3, 2025

Critical Alert: New ‘Plague’ PAM Backdoor Poses Silent Credential Theft Threat to Linux Systems

 

Cybersecurity researchers have identified a new Linux backdoor named Plague that went undetected for over a year. According to researcher Pierre-Henri Pezier of Nextron Systems, the backdoor operates as a malicious Pluggable Authentication Module (PAM), allowing attackers to circumvent system authentication and maintain persistent SSH access.

PAM is a collection of shared libraries used to manage user authentication on Linux and UNIX systems. Because these libraries are loaded by the processes that authenticate users, an unauthorized PAM module can steal user credentials, bypass authentication, and operate quietly, evading traditional security measures.

The researchers found multiple Plague-related files uploaded to VirusTotal since July 29, 2024, none of which were flagged as malicious by antivirus engines. This lack of detection, along with the existence of multiple samples, indicates that the malware is still under development by its creators.

Plague features include static credentials for discreet access, methods to resist reverse engineering through anti-debugging and string obfuscation, and capabilities to erase traces of an SSH session. For instance, it clears certain environment variables and redirects command history to prevent logging, thereby avoiding an audit trail.

Pezier emphasized that Plague’s integration within the authentication framework allows it to persist even through system updates and maintain a low profile, making it exceptionally challenging to detect with conventional tools.
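Because a PAM backdoor has to be referenced from the PAM configuration to be loaded, one basic defensive check is to list every module named in `/etc/pam.d` and compare it with a known-good baseline. The following Python sketch is an added example, not code from the Nextron Systems report or from this article; the baseline set, the list of standard module directories, and the sample `sshd` configuration are constructed assumptions.

```python
import re

# Constructed baseline: module names the administrator expects on this host (assumption).
BASELINE = {"pam_unix.so", "pam_deny.so", "pam_permit.so", "pam_env.so", "pam_nologin.so"}
# Standard module directories (assumption; they vary by distribution).
STANDARD_DIRS = ("/lib/security/", "/lib64/security/", "/usr/lib/security/",
                 "/usr/lib64/security/", "/lib/x86_64-linux-gnu/security/",
                 "/usr/lib/x86_64-linux-gnu/security/")
# pam.d line format: [-]type  control  module-path  [arguments]
LINE_RE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def modules_in(config_text):
    """Yield (type, module_path) for each module line of a pam.d file."""
    text = config_text.replace("\\\n", " ")      # join continuation lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = LINE_RE.match(line)
        if not m:
            continue                             # blank line or @include directive
        mtype, control, module = m.groups()
        if control in ("include", "substack"):
            continue                             # third field is a service name, not a module
        yield mtype, module

def audit(config_text, baseline=BASELINE):
    """Return (type, module, reason) for modules that deviate from the baseline."""
    findings = []
    for mtype, module in modules_in(config_text):
        name = module.rsplit("/", 1)[-1]
        if module.startswith("/") and not module.startswith(STANDARD_DIRS):
            findings.append((mtype, module, "absolute path outside standard module directories"))
        elif name not in baseline:
            findings.append((mtype, module, "module not in baseline"))
    return findings

# Constructed /etc/pam.d/sshd content for illustration; module names are hypothetical.
SAMPLE_SSHD = """\
auth       required     pam_env.so
auth       [success=1 default=ignore] pam_unix.so nullok
auth       requisite    pam_deny.so
auth       sufficient   pam_example_unknown.so
-session   optional     /opt/tmp/pam_custom.so
account    include      common-account
@include common-session
session    required     pam_nologin.so   # trailing comment
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD):
        print(finding)
```

A module that passes this name check can still be a replaced file on disk, so the check is a complement to, not a substitute for, verifying module files against the package manager's records.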

For more insights, you can refer to the original report by Nextron Systems.

