New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

Source: The Hacker News

New Linux PamDOORa Backdoor

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub Russian cyber‑crime forum for $1,600 by a threat actor called “darkworm.”

The backdoor is designed as a Pluggable Authentication Module (PAM)‑based post‑exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination.