VMTech

PamDOORa: PAM module stealing SSH credentials and enabling covert access

Colleagues, note: a new Linux backdoor, PamDOORa, has been detected.

- Flare.io: PamDOORa is a PAM module that provides post-exploitation SSH access via a 'magic' password and port, and exfiltrates user credentials.
- It runs with root privileges and includes anti‑forensic capabilities to alter logs.
- Probable scenario: an attacker gains root and installs the module; the tool is traded on forums.

Why it matters: PAM compromise can cause widespread credential leakage and stealthy server access.

Recommended: verify PAM configs and module integrity; monitor for SSH anomalies.
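One way to run the PAM config and module integrity check recommended above, as an added example (not code from this post or from Flare.io): it parses `/etc/pam.d`-style files, lists every module a stack loads, and compares each against a trusted SHA-256 baseline. The module name `pam_constructed_unknown.so`, the sample stack and the baseline values are constructed for the demo.

```python
import hashlib, re, tempfile
from pathlib import Path

# pam.d line: [-]type  control  module-path  [args]; control may be "[k=v ...]"
PAM_LINE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def pam_modules(conf_dir):
    """Map each module a PAM stack loads to the config files that reference it."""
    found = {}
    for conf in sorted(p for p in Path(conf_dir).iterdir() if p.is_file()):
        text = conf.read_text(errors="replace").replace("\\\n", " ")  # join continuations
        for line in text.splitlines():
            m = PAM_LINE.match(line.split("#", 1)[0].strip())
            if m and m.group(2) not in ("include", "substack"):
                found.setdefault(m.group(3), []).append(conf.name)
    return found

def audit(conf_dir, module_dirs, baseline):
    """baseline maps module file name -> trusted SHA-256; returns (module, problem) pairs."""
    findings = []
    for mod in sorted(pam_modules(conf_dir)):
        paths = [Path(mod)] if Path(mod).is_absolute() else [Path(d) / mod for d in module_dirs]
        path = next((p for p in paths if p.is_file()), None)
        if path is None:
            findings.append((mod, "referenced but missing"))
        elif path.name not in baseline:
            findings.append((mod, "not in baseline"))
        elif hashlib.sha256(path.read_bytes()).hexdigest() != baseline[path.name]:
            findings.append((mod, "hash mismatch"))
    return findings

def demo():
    # Constructed sample: one known-good module, one modified, one unknown.
    root = Path(tempfile.mkdtemp())
    conf, mods = root / "pam.d", root / "security"
    conf.mkdir(); mods.mkdir()
    (mods / "pam_unix.so").write_bytes(b"good")
    (mods / "pam_env.so").write_bytes(b"tampered")
    (mods / "pam_constructed_unknown.so").write_bytes(b"x")
    (conf / "sshd").write_text("# constructed sshd stack\n@include common-account\n"
        "auth [success=1 default=ignore] pam_unix.so nullok\n"
        "auth include system-auth\n-session optional pam_env.so\n"
        "auth sufficient pam_constructed_unknown.so\n")
    baseline = {"pam_unix.so": hashlib.sha256(b"good").hexdigest(),
                "pam_env.so": hashlib.sha256(b"original").hexdigest()}
    return audit(conf, [mods], baseline)

if __name__ == "__main__":
    print(demo())
```

On a real host, pass `/etc/pam.d` and the distribution's PAM module directory, and build the baseline from a trusted source such as the package repository or a known-good image: the module described here runs as root and can alter logs, so hashes computed on a suspect system are not a reliable reference.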

How do you assess the risk to your Linux servers?

#cybersecurity #Linux #PAM #incident
