Comment on New Plague Linux malware stealthily maintains SSH access
ExtremeDullard@lemmy.sdf.org 2 days ago
Calm down.
This malware is a PAM module. Someone with root privileges has to install it.
If you’re a random Linux user who doesn’t know what PAM is, you have no reason to install it.
If you’re a sysadmin and you know what PAM is, you’d need to be diddling in the PAM stack for some reason, and if you come across that one, you’re not very likely to install it unless you really, really don’t know what you’re doing.
The only way it could be distributed to a lot of Linux machines is through a supply chain attack, and I’m pretty certain major distros watch very carefully any patches they onboard in ultra-sensitive system bits like PAM.
XTL@sopuli.xyz 2 days ago
One more path for malware is that the system has a root hole and this is where the exploit hides the malware.
Or a hostile actor gets their hands on an unencrypted hard drive and installs this when the owner isn’t looking.