Ethical Hacking News
Researchers have discovered a new Linux malware known as "Plague" that allows attackers to gain persistent SSH access and bypass authentication on compromised systems. The malware features advanced obfuscation techniques and environment tampering to evade detection, making it a sophisticated threat to Linux infrastructure.
The Plague Linux malware allows attackers to gain persistent SSH access and bypass authentication on compromised systems. The malware features advanced obfuscation techniques, environment tampering, and hardcoded passwords to evade detection by traditional security tools. The malware integrates deeply into the authentication stack, survives system updates, and leaves almost no forensic traces. The Plague backdoor represents a sophisticated and evolving threat to Linux infrastructure, exploiting core authentication mechanisms to maintain stealth and persistence. The creators of the malware have been operating undetected, exploiting the flexibility of the PAM (Pluggable Authentication Modules) Linux authentication infrastructure.
Security researchers at Nextron Systems have discovered new Linux malware that allows attackers to gain persistent SSH access and bypass authentication on compromised systems. The malware, dubbed "Plague," features advanced obfuscation techniques, environment tampering, and hardcoded passwords to evade detection by traditional security tools.
The researchers found that the malware integrates deeply into the authentication stack, survives system updates, and leaves almost no forensic traces. It actively sanitizes the runtime environment to eliminate evidence of an SSH session, erasing the attacker's digital footprint from system history logs and interactive sessions.
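A defender can hunt for the environment tampering described above by looking for session processes spawned by sshd whose start-up environment lacks the usual SSH markers. The following is an added example, not code from the Nextron report; it assumes the tampering shows up as missing SSH_CONNECTION / SSH_CLIENT variables (which OpenSSH sets for each session) or a history file pointed at /dev/null, and all process records are constructed.

```python
# Added example (not from the Nextron report). Process records are constructed.
SSH_VARS = ("SSH_CONNECTION", "SSH_CLIENT")  # exported by OpenSSH sshd per session

def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE layout of /proc/<pid>/environ."""
    env = {}
    for item in raw.split(b"\0"):
        key, sep, value = item.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def find_scrubbed_sessions(procs: dict) -> list:
    """Flag direct children of sshd whose start-up environment lacks SSH markers."""
    findings = []
    for pid, proc in sorted(procs.items()):
        parent = procs.get(proc["ppid"])
        if proc["comm"] == "sshd" or not parent or parent["comm"] != "sshd":
            continue  # only session processes spawned directly by sshd
        env = parse_environ(proc["environ"])
        reasons = [f"{var} missing" for var in SSH_VARS if var not in env]
        if env.get("HISTFILE") == "/dev/null":  # assumption: history suppression
            reasons.append("HISTFILE=/dev/null")
        if reasons:
            findings.append((pid, proc["comm"], reasons))
    return findings

# Constructed sample: pid 811 is a normal login, pid 921 has a scrubbed environment.
SAMPLE_PROCS = {
    1:   {"ppid": 0,   "comm": "systemd", "environ": b""},
    700: {"ppid": 1,   "comm": "sshd",    "environ": b""},
    810: {"ppid": 700, "comm": "sshd",    "environ": b""},
    811: {"ppid": 810, "comm": "bash",    "environ":
          b"USER=alice\0SSH_CLIENT=198.51.100.7 50122 22\0"
          b"SSH_CONNECTION=198.51.100.7 50122 192.0.2.10 22\0"
          b"HISTFILE=/home/alice/.bash_history\0"},
    920: {"ppid": 700, "comm": "sshd",    "environ": b""},
    921: {"ppid": 920, "comm": "bash",    "environ": b"USER=root\0HISTFILE=/dev/null\0"},
    300: {"ppid": 1,   "comm": "cron",    "environ": b"PATH=/usr/bin\0"},
}

if __name__ == "__main__":
    for pid, comm, reasons in find_scrubbed_sessions(SAMPLE_PROCS):
        print(f"pid {pid} ({comm}): {', '.join(reasons)}")
```

On a live host the records would be built from /proc/<pid>/stat and /proc/<pid>/environ, read as root. A hit is a lead for triage rather than proof of compromise.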
According to Pierre-Henri Pezier, a threat researcher at Nextron Systems, "The Plague backdoor represents a sophisticated and evolving threat to Linux infrastructure, exploiting core authentication mechanisms to maintain stealth and persistence." The malware's use of advanced obfuscation, static credentials, and environment tampering makes it particularly difficult to detect using conventional methods.
Interestingly, multiple variants of the backdoor have been uploaded to VirusTotal over the past year, but none of the antivirus engines have flagged them as malicious. This suggests that the creators of the malware have been operating undetected, exploiting the flexibility of the PAM (Pluggable Authentication Modules) Linux authentication infrastructure.
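Since antivirus verdicts were no help here and the backdoor hooks into PAM, a more dependable check is to list the modules a PAM stack actually loads and compare each with a trusted baseline. The following is an added example, not code from the Nextron report; the module name pam_example_extra.so, the file contents and the baseline are constructed placeholders.

```python
import hashlib

def parse_pam_config(text: str) -> list:
    """Return (type, control, module, args) for each module line of a pam.d file."""
    entries = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 3 or parts[0] == "@include":
            continue
        if parts[1].startswith("["):  # bracketed control, e.g. [success=1 default=ignore]
            end = next((i for i, p in enumerate(parts) if p.endswith("]")), len(parts) - 1)
        else:
            end = 1
        control, rest = " ".join(parts[1:end + 1]), parts[end + 1:]
        if control in ("include", "substack") or not rest:
            continue  # the third field names another config file, not a module
        entries.append((parts[0].lstrip("-"), control, rest[0], rest[1:]))
    return entries

def audit_stack(config: str, module_files: dict, baseline: dict) -> list:
    """Flag modules absent from the baseline or whose SHA-256 differs from it."""
    findings = []
    for _type, _control, module, _args in parse_pam_config(config):
        name = module.rsplit("/", 1)[-1]
        if name not in baseline:
            finding = (name, "not in baseline")
        elif hashlib.sha256(module_files.get(name, b"")).hexdigest() != baseline[name]:
            finding = (name, "hash mismatch")
        else:
            continue
        if finding not in findings:
            findings.append(finding)
    return findings

# Constructed inputs: module names and contents are placeholders, not real binaries.
SAMPLE_CONFIG = """\
# /etc/pam.d/sshd (constructed)
auth      required                    pam_env.so
auth      [success=1 default=ignore]  pam_unix.so nullok
auth      sufficient                  pam_example_extra.so
@include  common-account
session   include                     common-session
-session  optional                    pam_systemd.so
"""
KNOWN_GOOD = {"pam_env.so": b"env-v1", "pam_unix.so": b"unix-v1", "pam_systemd.so": b"systemd-v1"}
BASELINE = {name: hashlib.sha256(data).hexdigest() for name, data in KNOWN_GOOD.items()}
ON_DISK = {**KNOWN_GOOD, "pam_unix.so": b"unix-v1-modified", "pam_example_extra.so": b"?"}

if __name__ == "__main__":
    print(audit_stack(SAMPLE_CONFIG, ON_DISK, BASELINE))
```

On a live host the baseline would come from the package manager's own verification, for example `rpm -V` or `dpkg --verify`, rather than a hand-built dictionary.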
In May, Nextron Systems discovered another piece of malware exploiting the same vulnerability, which enables its creators to steal credentials, bypass authentication, and gain stealthy persistence on compromised devices. This highlights the ongoing threat landscape in the world of cybersecurity, where attackers are constantly evolving their tactics to evade detection.
The discovery of Plague Linux malware serves as a reminder for organizations to maintain robust security measures, including regular updates, patching, and monitoring of their systems. Additionally, users should be cautious when using public Wi-Fi networks or accessing sensitive information from unsecured connections.
In the context of the cybersecurity industry, this discovery represents an opportunity for researchers and developers to improve their understanding of the vulnerabilities exploited by attackers like Plague. By studying the techniques used by this malware, security professionals can develop more effective countermeasures to prevent similar attacks in the future.
Furthermore, the emergence of advanced threats like Plague Linux malware underscores the importance of staying informed about the latest cybersecurity threats and trends. As the threat landscape continues to evolve, it is essential for organizations and individuals to stay vigilant and take proactive measures to protect themselves against emerging risks.
In conclusion, the discovery of the new Plague Linux malware serves as a warning to organizations and individuals alike about the ongoing threat of advanced persistent threats (APTs) in the world of cybersecurity. By understanding the tactics used by attackers like Plague, security professionals can develop more effective countermeasures to prevent similar attacks in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/New-Plague-Linux-Malware-A-Stealthy-Menace-to-Linux-Infrastructure-ehn.shtml
https://www.bleepingcomputer.com/news/security/new-plague-malware-backdoors-linux-devices-removes-ssh-session-traces/
https://thehackernews.com/2025/08/new-plague-pam-backdoor-exposes.html
Published: Mon Aug 4 11:20:37 2025 by llama3.2 3B Q4_K_M