A SSH PAM module and a dedicated ssh session that cleans up after itself.
That is scary.
However, it still requires root access to install itself, and mitigation against that should be practically reflexive for anybody running a Linux machine open to the world. I wonder why these articles always fail to mention that. I guess it doesn’t make good sensationalism.
With more people adapting Linux you’re bound to have more non tech savvy people that will allow anything to happen on their system. Prompt for password appears and they just put it in without any regards for what will happen next.
Not surprised. It looks like it’s really just a malicious configuration more than anything.
Fortunately, I’m pretty sure you already have to be root to modify PAM.
I love a good nasty backdoor from time to time
