Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor (www.theregister.com)

submitted 1 month ago by [email protected] to c/[email protected]

4 comments fedilink hide all child comments

top 4 comments

sorted by: hot top new old

[-] [email protected] 21 points 1 month ago

A SSH PAM module and a dedicated ssh session that cleans up after itself.

That is scary.

However, it still requires root access to install itself, and mitigation against that should be practically reflexive for anybody running a Linux machine open to the world. I wonder why these articles always fail to mention that. I guess it doesn't make good sensationalism.

[-] [email protected] 4 points 1 month ago

With more people adapting Linux you're bound to have more non tech savvy people that will allow anything to happen on their system. Prompt for password appears and they just put it in without any regards for what will happen next.

[-] [email protected] 20 points 1 month ago

Not surprised. It looks like it's really just a malicious configuration more than anything.

Fortunately, I'm pretty sure you already have to be root to modify PAM.

[-] [email protected] 1 points 1 month ago

I love a good nasty backdoor from time to time

this post was submitted on 05 Aug 2025

58 points (93.9% liked)

Linux

9458 readers

300 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of [email protected] and The GIMP

founded 2 years ago

MODERATORS

[email protected]