Skidmap, Linux Malware Mining Cryptocurrency in Disguise
A new strain of Linux malware has been discovered by security researchers, which is configured to carry out a multitude of malicious activities besides just illegally mining cryptocurrency; by using a "secret master password" it provides hackers the universal access to the system.
Skidmap, Linux malware demonstrates the increased convolutions in Cryptocurrency mining malware and prevalence of the corresponding threats.
In order to carry out its cryptocurrency mining in disguise, Skidmap forges CPU-related statistics and network traffic, according to TrendMicro's recent blog on the subject.
Highlighting the advanced methods used by Skidmap, researchers at TrendMicro said, "Skidmap uses fairly advanced methods to ensure that it and its components remain undetected. For instance, its use of LKM rootkits — given their capability to overwrite or modify parts of the kernel — makes it harder to clean compared to other malware."
“Cryptocurrency-mining threats don’t just affect a server or workstation’s performance — they could also translate to higher expenses and even disrupt businesses especially if they are used to run mission-critical operations,” reads the blog.
How the infection takes place?
It starts in 'crontab', which is a standard Linux process which is responsible for periodically scheduling timed tasks in Unix-like systems. After that, Skidmap installs various malicious binaries and then the security settings of the affected machine are being minimized to start the cryptocurrency mining smoothly.
As the cryptocurrency miners generate digital money for the hackers, they are being monitored by some additional binaries put into the system for the same.
To stay guarded against the aforementioned Cryptocurrency mining malware, admins are advised to update and patch their servers and machines ,and be alert to unverified repositories.
from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/2Qptsmm