PamDOORa: PAM module stealing SSH credentials and enabling covert access

Colleagues, note: a new Linux backdoor, PamDOORa, has been detected.
- Flare.io: PamDOORa is a PAM module that provides post-exploitation SSH access via a 'magic' password and port and exfiltrates user credentials.
- It runs with root privileges and includes anti‑forensic capabilities to alter logs.
- Probable scenario: attacker gains root, installs the module; the tool is traded on forums.
Why it matters: PAM compromise can cause widespread credential leakage and stealthy server access.
Recommended: verify PAM configs and module integrity; monitor for SSH anomalies.
How do you assess the risk to your Linux servers?
#cybersecurity #Linux #PAM #incident
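
One way to carry out the "verify PAM configs and module integrity" recommendation above, as an added example that is not part of the original post: list every module the PAM stack loads and compare each file with a known-good SHA-256 baseline. The sample sshd file, the module name pam_constructed_extra.so and the baseline contents are constructed for illustration; the baseline is assumed to come from a known-good image or the package database.

```python
import hashlib
import re
from pathlib import Path

# One pam.d rule: [-]type, control (single word or [bracketed list]), module path.
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

# Constructed sample of an /etc/pam.d/sshd file (not taken from a real host).
SAMPLE = """\
# constructed /etc/pam.d/sshd
auth       required     pam_unix.so nullok
auth       [success=1 default=ignore] pam_succeed_if.so uid >= 1000 quiet
auth       sufficient   pam_constructed_extra.so   # constructed unknown module
account    include      common-account
-session   optional     pam_systemd.so
@include common-password
"""

def referenced_modules(pam_text):
    """Return the module names or paths that one pam.d file asks PAM to load."""
    modules = set()
    for line in pam_text.replace("\\\n", " ").splitlines():  # join continuations
        m = RULE.match(line.split("#", 1)[0].strip())
        if m and m.group(2) not in ("include", "substack"):  # those name config files
            modules.add(m.group(3))
    return modules

def audit(pam_dir, module_dirs, baseline):
    """Check each referenced module against baseline {file name: sha256 hex}."""
    findings = []
    for cfg in sorted(p for p in Path(pam_dir).iterdir() if p.is_file()):
        for mod in sorted(referenced_modules(cfg.read_text(errors="replace"))):
            # Relative names are resolved in the module directories, as PAM does.
            candidates = [Path(mod)] if mod.startswith("/") else [Path(d) / mod for d in module_dirs]
            found = next((c for c in candidates if c.is_file()), None)
            if found is None:
                findings.append((cfg.name, mod, "module file not found"))
            elif found.name not in baseline:
                findings.append((cfg.name, mod, "not in baseline"))
            elif hashlib.sha256(found.read_bytes()).hexdigest() != baseline[found.name]:
                findings.append((cfg.name, mod, "hash differs from baseline"))
    return findings

if __name__ == "__main__":
    print(sorted(referenced_modules(SAMPLE)))
```

A "module file not found" finding on a rule whose type starts with "-" is usually benign, since that prefix marks the module as optional. Because the post describes a module that runs as root and alters logs, keep the baseline off the audited host.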

