A new malicious software for Linux, which secretly mines cryptocurrencies, hiding its operations, has been revealed. This was reported on September 16 by Augusto REMILLANO II and Jakub URBANEC in a post on Trend Micro, a security intelligence blog. According to analysts, the malware is noteworthy due to the method of downloading malicious kernel modules in order to hide mining operations.
The analysts revealed that Skidmap masks its cryptocurrency mining by utilizing a rootkit, which is a program that installs and executes code on a system without end user consent or knowledge. This makes its malware components undetectable by the infected system’s monitoring tools. Besides running a cryptojacking campaign on the infected machine, the malware reportedly gives attackers “unfettered access” to the affected system. The analysts also add the following:
“Skidmap also sets up a way to gain backdoor access to the machine, and also replaces the system’s pam_unix.so file with its own malicious version. This malicious file accepts a specific password for any users, thus allowing the attackers to log in as any user in the machine.”
Image courtesy of Softpedia