• New malware avoids antivirus detection, unleashes a "plague" on your devices

    From TechnologyDaily@1337:1/100 to All on Tue Aug 5 15:15:08 2025
    New malware avoids antivirus detection, unleashes a "plague" on your devices

    Date:
    Tue, 05 Aug 2025 14:12:00 +0000

    Description:
    The Plague is a highly capable Linux backdoor which somehow remained hidden for a year.

    FULL STORY ======================================================================
    Nextron Systems found a malicious Pluggable Authentication Module
    They named it Plague after finding pop culture references
    The malware is capable of wreaking havoc across high-value targets

    Security researchers have found a piece of highly capable Linux malware which somehow flew under the radar for a year.

    Nextron Systems reported finding Plague, a malicious Pluggable Authentication Module (PAM) that grants attackers persistent, covert access to compromised systems.

    The Plague backdoor represents a sophisticated and evolving threat to Linux infrastructure, exploiting core authentication mechanisms to maintain stealth and persistence, the researchers explained. Its use of advanced obfuscation, static credentials, and environment tampering makes it particularly difficult to detect using conventional methods. Manual inspection

    The malware was named Plague after finding a reference to Mr. Plague, a character from the 1995 movie Hackers, in its code.

    The researchers said that multiple samples were uploaded to VirusTotal over the past year, yet none were flagged as malicious, which could indicate the backdoor managed to evade public scrutiny and antivirus detection.

    Plague integrates deeply into the authentication stack, survives system updates, and leaves minimal forensic traces, the experts explained.

    It employs evolving string obfuscation techniques, including XOR, KSA/PRGA-like routines, and a DRBG layer. It also features anti-debugging checks and session stealth mechanisms that erase all traces of activity. Compiler metadata also showed that it is in active development.

    For cybercriminals, there are multiple benefits to malware hiding inside PAM systems.

    According to a CyberInsider report, Plague can steal login credentials, making it particularly dangerous on high-value Linux systems such as bastion hosts, jump servers, and cloud infrastructure.

    A compromised bastion host or jump server can provide attackers with a foothold to move laterally across internal systems, escalate privileges, or exfiltrate sensitive data, the publication argues.

    Furthermore, a compromised cloud environment could grant the attackers access to multiple virtual machines or services all at once.

    Since Plague is still not being flagged by the best antivirus tools, Nextron advises admins to manually inspect their devices, including auditing the /lib/security directory for shady PAM modules, monitoring PAM configuration files in /etc/pam.d/ for changes, and looking for suspicious logins in authentication logs.
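    An added audit script that carries out the checks Nextron recommends above; it is not from the article or from Nextron. It assumes dpkg or rpm is the package manager and that PAM modules live in the listed directories (adjust for your distro), and it flags modules no package owns plus /etc/pam.d lines that name a module by absolute path or that resolve to no installed module file.

```shell
# Added example (not from the article or Nextron): audit PAM module dirs and
# /etc/pam.d for unowned modules and for config references that look wrong.

# Assumption: extend this list for your distro; the article names /lib/security.
PAM_MODULE_DIRS="/lib/security /lib64/security /usr/lib/security /usr/lib64/security /lib/x86_64-linux-gnu/security /usr/lib/x86_64-linux-gnu/security"

# Exit 0 if dpkg or rpm knows a package owning file $1, 1 otherwise.
owned_by_package() {
    command -v dpkg >/dev/null 2>&1 && dpkg -S "$1" >/dev/null 2>&1 && return 0
    command -v rpm >/dev/null 2>&1 && rpm -qf "$1" >/dev/null 2>&1 && return 0
    return 1
}

# Print "<sha256> <path>" for every shared object in the given directories that
# no installed package claims, so the hashes can be checked against a baseline.
list_unowned_modules() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        for so in "$d"/*.so*; do
            [ -f "$so" ] || continue
            owned_by_package "$so" || printf '%s %s\n' "$(sha256sum "$so" | cut -d' ' -f1)" "$so"
        done
    done
}

# Print every pam_*.so token referenced by config files in directory $1,
# comments stripped, one per line, sorted under a fixed locale.
list_config_modules() {
    cat "$1"/* 2>/dev/null | sed 's/#.*//' | grep -oE '[^[:space:]]*pam_[A-Za-z0-9_]+\.so' | LC_ALL=C sort -u
}

# For config dir $1 and module dirs $2..: flag references that use an absolute
# path (stock configs use bare names) or that match no file in any module dir.
check_config_refs() {
    pamd="$1"; shift
    list_config_modules "$pamd" | while read -r mod; do
        case "$mod" in /*) printf 'ABSOLUTE-PATH %s\n' "$mod"; continue ;; esac
        found=1
        for d in "$@"; do
            [ -f "$d/$mod" ] && { found=0; break; }
        done
        [ "$found" -eq 0 ] || printf 'MISSING %s\n' "$mod"
    done
}

# Run the audit as root with: sh pam_audit.sh audit
if [ "${1:-}" = "audit" ]; then
    list_unowned_modules $PAM_MODULE_DIRS
    check_config_refs /etc/pam.d $PAM_MODULE_DIRS
fi
```

    Hashes it prints for unowned modules can be checked against a known-good baseline or submitted to a scanner; a module that no package owns is not proof of compromise, only the starting point for manual inspection.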

    Via The Register



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/new-malware-avoids-antivirus-detection-unleashes-a-plague-on-your-devices


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)