Pam Backdoor Exploits PAM Modules to Steal SSH Credentials from Linux Systems

Severity: Medium (Score: 58.5)

Sources: Thehackernews, Cybersecuritynews, Gbhackers

Summary

A new backdoor, named Pam, has been identified targeting Linux systems by exploiting Pluggable Authentication Modules (PAM) to capture SSH credentials. This technique allows attackers to maintain persistence on compromised systems. The backdoor leverages the modular architecture of Linux, which has been in use since 1991, making it particularly stealthy and difficult to detect. The attack primarily affects Linux servers and workstations that utilize PAM for authentication. As of now, there are no specific CVEs or patches reported for this backdoor, and its full impact on the Linux community remains to be assessed. Security professionals are advised to monitor their systems closely for any signs of compromise. The threat level is considered significant due to the potential for widespread exploitation.

Key Points:

  • The Pam backdoor targets Linux systems by exploiting PAM modules to steal SSH credentials.
  • It allows attackers to maintain persistence on compromised systems, making detection challenging.
  • No specific CVEs or patches have been reported, indicating a need for heightened vigilance.
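One way to act on the monitoring advice in the summary is to compare each service's PAM stack against a known baseline. The following is an added example, not code from the sources summarized here: the baseline set, module directories, function name and sample configuration are assumptions constructed for illustration, and none of them is an indicator of this specific backdoor.

```python
import re

# Assumed baseline: modules the administrator expects in this service's stack.
BASELINE = {"pam_env.so", "pam_unix.so", "pam_nologin.so", "pam_limits.so",
            "pam_loginuid.so", "pam_systemd.so", "pam_permit.so", "pam_deny.so"}
# Assumed module directories; these differ between distributions.
MODULE_DIRS = ("/lib/security/", "/lib64/security/", "/usr/lib/security/",
               "/usr/lib64/security/", "/usr/lib/x86_64-linux-gnu/security/")

# /etc/pam.d line: [-]type  control  module-path  [arguments]
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)", re.I)

def audit_pam(text, baseline=BASELINE, module_dirs=MODULE_DIRS):
    """Return [(module, [reasons])] for rules that deviate from the baseline."""
    findings = []
    for raw in text.replace("\\\n", " ").splitlines():   # join continuation lines
        line = raw.split("#", 1)[0].strip()               # drop comments
        if not line or line.startswith("@include"):
            continue                                      # included files need their own audit
        m = RULE.match(line)
        if not m:
            findings.append((line, ["unparsed line"]))
            continue
        control, module = m.group(2).lower(), m.group(3)
        if control in ("include", "substack"):
            continue                                      # third field is a file, not a module
        reasons = []
        if module.startswith("/") and not module.startswith(module_dirs):
            reasons.append("path outside standard module directories")
        if module.rsplit("/", 1)[-1] not in baseline:
            reasons.append("module not in baseline")
        if reasons:
            findings.append((module, reasons))
    return findings

# Constructed sample of an sshd stack, not taken from any real system.
SAMPLE = """#%PAM-1.0
auth       required     pam_env.so
auth       [success=1 default=ignore] pam_unix.so nullok
auth       optional     /opt/example/pam_example.so
-session   optional     pam_systemd.so
account    include      system-auth
session    required     pam_audit_example.so
@include common-password
"""

if __name__ == "__main__":
    for module, reasons in audit_pam(SAMPLE):
        print(module, "->", "; ".join(reasons))
```

A module file that has been replaced on disk under a baseline name passes this check, so it needs to be paired with file integrity verification of the module directories.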

Key Entities

  • Malware (attack_type)
  • Pam (malware)
  • PamDOORa (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • Linux (platform)