Researchers Find a Dozen Undocumented OpenSSH Backdoors
December 10, 2018 / Ionut Arghire
ESET security researchers have discovered 12 new OpenSSH backdoor families that haven’t been documented before. The Secure Shell (SSH) network protocol allows the remote connection of computers and devices. The portable version of OpenSSH is implemented in almost all Linux distributions, and attackers looking to maintain persistence in compromised Linux servers usually backdoor the installed OpenSSH server and client. With the OpenSSH code freely available, it is easy for attackers to build backdoored versions, ESET explains in a recent report (PDF). Furthermore, OpenSSH allows attackers to stay undetected, while the fact that the OpenSSH daemon and client see passwords in clear text helps attackers steal credentials. During a hunt for in-the-wild OpenSSH backdoors (kicked off by the Windigo operation four years ago), ESET’s researchers discovered samples into 21 different OpenSSH malware families, including 12 of which haven’t been documented before.