5 matches found
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant , says it backdoored the PAM and OpenSSH components that decide who is allowed to sign i...
New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. "The implant is built as a malicious PAM Pluggable Authentication Module, enabling attackers to silently bypass system authentication and gain persistent S...
D3m0n1z3dShell - Demonized Shell Is An Advanced Tool For Persistence In Linux
Demonized Shell is an Advanced Tool for persistence in linux. Install git clone https://github.com/MatheuZSecurity/D3m0n1z3dShell.git cd D3m0n1z3dShell chmod +x demonizedshell.sh sudo ./demonizedshell.sh One-Liner Install Download D3m0n1z3dShell with all files: curl -L...
Beurk - Experimental Unix Rootkit
BEURK is an userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection. NOTE: BEURK is a recursive acronym for B EURK E xperimental U nix R oot K it Features Hide attacker files and directories Realtime log cleanup on utmp/wtmp Anti process and login detectio...
[Azazel] Userland Anti-debugging & Anti-detection Rootkit
Azazel is a userland rootkit based off of the original LDPRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features Anti-debugging Avoids unhide, lsof, ps, ldd detection Hides files and directories Hid...