Hackers drop rogue Apache modules and SSH backdoors on web servers

A group of hackers that are infecting web servers with rogue Apache modules are also creating backdoors to Secure Shell (SSH) services in order to steal log-in credentials from administrators and users.

The hackers are replacing all of the SSH binary files on the compromised servers with backdoor-equipped versions that are designed to send the hostname, username and password for incoming and outgoing SSH connections to attacker-controlled servers, security researchers from web security firm Sucuri said in a blog post.