SKidmap Malware Mining Crypto By Creating Malign Linux Module

SKidmap Malware Mining Crypto By Creating Malign Linux Module

Cybersecurity researcher TrendMicro has found a malware based on Linux called Skidmap is capable of illicit cryptocurrency mining activities. As per the researcher the new Linux malware mines crypto by creating a malicious loadable kernel module to stay under the wraps. As the malware utilizes Linux kernel module rootkits, it becomes difficult to detect and patch it. This is because of its overwriting and modification of kernel parts capabilities.

How Skidmap Malware Work?

This malware comes with several backdoors, and it can affect the system and can create a secret master password for unauthorized access.

Affected OS

Recently this malware was found in which machines are based on Debian or RHEL/Cent OS.

Credit: TrendMicro

For a Debian-based system, it infects the system by saving the crypto miner payload to “/tmp/miner2”. An RHEL/CentOS-based system gets its crypto miner payload and other components in the form of a tar file from the URL “hxxp://pm[.]ipfswallet[.]tk/cos7[.]tar[.]gz.”

Malicious Components

These components include a fake “rm” binary, a kaudited binary to install several LKMs, an Iproute module, and a Netlink rootkit used to fake network stats.

Must Read: Hack Possible Titan Security Key Says By Google

 

Post Updated On

Leave a Comment