New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

Cybersecurity researchers have revealed a new Linux backdoor called PamDOORa, sold on a Russian cybercrime forum, which exploits Pluggable Authentication Modules (PAM) to steal SSH credentials and enable persistent access through a magic password and specific TCP port. Designed as a sophisticated post-exploitation tool with anti-forensic features, PamDOORa runs with root privileges to capture user credentials and tamper with authentication logs, representing an evolution in Linux PAM-based backdoors.

https://thehackernews.com/2026/05/new-linux-pamdoora-backdoor-uses-pam.html

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top