Linux and Tech News

2048 readers

19 users here now

This is where all the News about Linux and Linux adjacent things goes. We'll use some of the articles here for the show! You can watch or listen at:

You can also get involved at our forum here on Lemmy:

User Space Forum

Or just get the most recent episode of the show here:

The Show

founded 2 years ago

MODERATORS

leo@lemmy.linuxuserspace.show

New Plague Linux malware stealthily maintains SSH access (www.bleepingcomputer.com)

submitted 1 day ago by leo@lemmy.linuxuserspace.show to c/news@lemmy.linuxuserspace.show

2 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] ExtremeDullard@lemmy.sdf.org 3 points 1 day ago* (last edited 1 day ago) (1 children)

Calm down.

This malware is a PAM module. Someone with root privileges has to install it.

If you're a random Linux user who doesn't know what PAM is, you have no reason to install it.

If you're a sysadmin and you know what PAM is, you'd need to be diddling in the PAM stack for some reason, and if you come across that one, you're not very likely to install it unless you really, really don't know what you're doing.

The only way it could be distributed to a lot of Linux machines is through a supply chain attack, and I'm pretty certain major distros watch very carefully any patches they onboard in ultra-sensitive system bits like PAM.

[–] XTL@sopuli.xyz 1 points 23 hours ago

One more path for malware is that the system has a root hole and this is where the exploit hides the malware.

Or a hostile actor gets their hands on an unencrypted hard drive and installs this when the owner isn't looking.