Malware, Threat Intelligence

New Plague backdoor sets sights on Linux systems

Threat actors have been targeting Linux systems with the novel Plague backdoor that conceals itself as a nefarious Pluggable Authentication Module and enables both authentication bypass and persistent SSH access, Security Affairs reports.

Despite initially including XOR encryption alone, later iterations of Plague have been integrated with custom KSA/PRGA-like routines and a deterministic random bit generator layer that prevents malware analysis, according to findings from Nextron Systems researchers. Aside from anti-debugging capabilities, Plague has also been built in with SSH session sanitization and shell history redirection to /dev/null features in a bid to bolster stealth and persistence. "The Plague backdoor represents a sophisticated and evolving threat to Linux infrastructure, exploiting core authentication mechanisms to maintain stealth and persistence. Its use of advanced obfuscation, static credentials, and environment tampering makes it particularly difficult to detect using conventional methods," researchers added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds