| From | rbowman <bowman@montana.com> |
|---|---|
| Newsgroups | alt.os.linux.mint, alt.os.linux.ubuntu |
| Subject | Re: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials |
| Date | 2026-05-10 19:01 +0000 |
| Message-ID | <n6c30lF5sg9U6@mid.individual.net> |
| References | <n6a6hvFrlkkU1@mid.individual.net> <10tpf61$7iqp$1@dont-email.me> |
Cross-posted to 2 groups.
On Sun, 10 May 2026 09:21:21 +0100, Jeff Layman wrote:

> On 10/05/2026 02:49, Axel wrote:
>>
>> https://thehackernews.com/2026/05/new-linux-pamdoora-backdoor-uses-pam.html?m=1
>
> "Although there is no evidence that the malware has been put to use in
> real-world attacks, infection chains distributing the malware are likely
> to involve the adversary first obtaining root access to the host through
> some other means and deploying the PamDOORa PAM module to capture
> credentials and establish persistent access over SSH."
>
> How does the adversary gain root access in the first place? The above
> states "are /likely/ to involve...", but
> <https://cybersecuritynews.com/new-pamdoora-backdoor-attacking-linux-systems/>
> puts it even more strongly:
> "PamDOORa is designed as a post-exploitation tool, meaning the attacker
> must already have root access before deploying it."
>
> So the attacker /must/ have root access. How do they get that?

Many of the publicized exploits require physical access to the system. Should anyone have physical access to my computers I've got a much bigger problem than an OS exploit.
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials Axel <none@not.here> - 2026-05-10 11:49 +1000
Re: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials CtrlAltDel <Altie@BHam.com> - 2026-05-10 04:20 +0000
Re: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials Axel <none@not.here> - 2026-05-10 16:04 +1000
Re: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials german newsgroups <usualsuspectrider@gmail.com> - 2026-05-10 08:20 +0200
Re: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials CtrlAltDel <Altie@BHam.com> - 2026-05-10 07:27 +0000
Re: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials PC-3FingerSalute <pc3fs@grand-fenwick.int> - 2026-05-10 11:51 +0100
Re: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials CtrlAltDel <Altie@BHam.com> - 2026-05-10 20:46 +0000
Re: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials Axel <none@not.here> - 2026-05-12 08:56 +1000
Re: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-05-12 02:16 +0000
Re: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials Jeff Layman <Jeff@invalid.invalid> - 2026-05-10 09:21 +0100
Re: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials rbowman <bowman@montana.com> - 2026-05-10 19:01 +0000