Cybersecurity researchers at Trend Micro have found a Linux-based malware called Skidmap that is capable of illicit cryptocurrency mining. According to the researchers, the new Linux malware mines cryptocurrency while staying hidden by loading a malicious loadable kernel module. Because the malware uses Linux kernel module rootkits, which can overwrite and modify parts of the kernel, it is difficult to detect and patch.
How Does the Skidmap Malware Work?
The malware comes with several backdoors; it can affect the system and create a secret master password that grants unauthorized access.
Recently, this malware was found on machines running Debian or RHEL/CentOS.
On a Debian-based system, it infects the machine by saving the crypto miner payload to “/tmp/miner2”. On an RHEL/CentOS-based system, it fetches its crypto miner payload and other components as a tar file from the URL “hxxp://pm[.]ipfswallet[.]tk/cos7[.]tar[.]gz”.
These components include a fake “rm” binary, a kaudited binary that installs several LKMs (loadable kernel modules), an iproute module, and a Netlink rootkit used to fake network statistics.
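The three indicators above (the payload path, a replaced rm binary, and kernel modules loaded by kaudited) can be checked on a host with a short triage script. The following is an added example written for this article, not code from Trend Micro or from the malware; it parses `rpm -V` / `dpkg -V` and `lsmod` output, and the module name `suspect_lkm` and the sample command output used in the comments are constructed, not real Skidmap artefacts.

```python
import os
import re
import shutil
import subprocess
from typing import Iterable

MINER_PATH = "/tmp/miner2"  # Debian-branch payload location named in the article

# rpm -V and dpkg -V both print a 9-character flag field (SM5DLUGTP, '.' or '?'
# for unchanged/unchecked), an optional 'c' for config files, then the path.
# A '5' in column 3 means the file digest no longer matches the package database.
VERIFY_LINE = re.compile(r"^(?P<flags>[S.?M5DLUGTP]{9})\s+(?:c\s+)?(?P<path>/\S+)$")

def modified_package_files(verify_output: str) -> list:
    """Paths whose on-disk digest differs from what the package manager recorded."""
    hits = []
    for line in verify_output.splitlines():
        m = VERIFY_LINE.match(line.strip())
        if m and m.group("flags")[2] == "5":
            hits.append(m.group("path"))
    return hits

def loaded_modules(lsmod_output: str) -> set:
    """Module names from `lsmod` output, skipping the header line."""
    return {l.split()[0] for l in lsmod_output.splitlines()[1:] if l.strip()}

def unexpected_modules(lsmod_output: str, on_disk: Iterable[str]) -> set:
    """Loaded modules with no matching .ko file under the running kernel's tree."""
    return loaded_modules(lsmod_output) - set(on_disk)

def triage(verify_output, lsmod_output, on_disk, existing_paths) -> list:
    """Combine the three checks into a list of human-readable findings."""
    findings = []
    if MINER_PATH in existing_paths:
        findings.append("payload present: " + MINER_PATH)
    for p in modified_package_files(verify_output):
        if os.path.basename(p) == "rm":          # the article's fake rm binary
            findings.append("rm binary digest mismatch: " + p)
    for mod in sorted(unexpected_modules(lsmod_output, on_disk)):
        findings.append("loaded module not on disk: " + mod)
    return findings

def live_inputs():
    """Collect real inputs from this host (rpm or dpkg, lsmod, /lib/modules)."""
    pkg = ["rpm", "-V", "coreutils"] if shutil.which("rpm") else ["dpkg", "-V", "coreutils"]
    verify = subprocess.run(pkg, capture_output=True, text=True).stdout
    lsmod = subprocess.run(["lsmod"], capture_output=True, text=True).stdout
    tree = os.path.join("/lib/modules", os.uname().release)
    # lsmod prints names with '_' while .ko files may use '-'; normalise before comparing
    on_disk = {f.split(".ko")[0].replace("-", "_")
               for _, _, fs in os.walk(tree) for f in fs if ".ko" in f}
    return verify, lsmod, on_disk, [p for p in [MINER_PATH] if os.path.exists(p)]

if __name__ == "__main__":
    print("\n".join(triage(*live_inputs())) or "no Skidmap indicators found")
```

Run it as root on the suspect host; an empty result only means these three indicators are absent, since a working rootkit can also hide modules from lsmod.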