Cybercriminals are now exploring new platforms and ways to carry out crypto mining attacks using malicious software (also known as cryptojacking), along with ways to keep the malware undetected.
One such malware attack has recently been identified by two threat analysts. Skidmap, a new Linux malware, not only keeps its cryptocurrency mining hidden but also gives the attackers backdoor access to the infected system through a “secret master password.”
The discovery was revealed in a blog post by Augusto Remillano II and Jakub Urbanec from the security intelligence firm Trend Micro on September 16. The analysts reported that the Linux malware known as Skidmap hides its cryptocurrency mining operations and makes it hard for the infected system’s monitoring tools to detect it. It works by loading malicious kernel modules that fake the CPU usage and network traffic statistics, which makes the malware extremely hard to detect.
According to the analysts, Skidmap uses a rootkit that installs malicious code on a system and takes over its processing power to mine cryptocurrencies without the owner’s permission or knowledge.
Moreover, the malware gives the attackers unauthorized backdoor access to the affected system by replacing the system’s pam_unix.so file with a malicious file of its own, which accepts a specific password from anyone and lets them log in. This way the attackers are able to log in to the system at any time using the “secret master password.”
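Because the backdoor described above works by swapping a legitimate PAM module for a look-alike, the defensive check a practitioner wants is a file-integrity baseline of the PAM module directory taken on a known-clean host and re-verified later. The following Python script is an added example and not code from the Trend Micro report or from Skidmap itself; the directory names in `PAM_DIRS` and the `demo()` scenario (a temporary directory with constructed placeholder files standing in for real `.so` modules) are assumptions for illustration.

```python
import hashlib
import os
import tempfile

# Typical PAM module directories on common distributions (assumed list;
# adjust to the host being checked).
PAM_DIRS = ["/lib/x86_64-linux-gnu/security", "/lib64/security", "/lib/security"]


def sha256_file(path):
    """Stream a file through SHA-256 so large shared objects are hashed cheaply."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(pam_dir):
    """Record the hash of every regular file in a PAM module directory.

    Run this on a known-clean system and store the result off-host, since an
    attacker who controls the box can also rewrite a baseline kept on it.
    """
    baseline = {}
    for name in sorted(os.listdir(pam_dir)):
        path = os.path.join(pam_dir, name)
        if os.path.isfile(path):
            baseline[name] = sha256_file(path)
    return baseline


def verify_baseline(pam_dir, baseline):
    """Compare the directory against the baseline.

    Returns three lists: modules whose content changed (a replaced
    pam_unix.so lands here), modules that disappeared, and files that were
    not present when the baseline was taken.
    """
    findings = {"modified": [], "missing": [], "unexpected": []}
    present = {n for n in os.listdir(pam_dir)
               if os.path.isfile(os.path.join(pam_dir, n))}
    for name, expected in baseline.items():
        if name not in present:
            findings["missing"].append(name)
        elif sha256_file(os.path.join(pam_dir, name)) != expected:
            findings["modified"].append(name)
    for name in sorted(present - set(baseline)):
        findings["unexpected"].append(name)
    return findings


def demo():
    """Constructed scenario: baseline a fake module directory, then simulate
    a swapped pam_unix.so, a removed module and an extra file."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("pam_unix.so", "pam_deny.so"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"placeholder bytes standing in for " + name.encode())
        baseline = build_baseline(d)
        clean = verify_baseline(d, baseline)
        # Simulated tampering (constructed, not real malware content).
        with open(os.path.join(d, "pam_unix.so"), "wb") as f:
            f.write(b"different bytes")
        with open(os.path.join(d, "pam_extra.so"), "wb") as f:
            f.write(b"file that was not in the baseline")
        os.remove(os.path.join(d, "pam_deny.so"))
        tampered = verify_baseline(d, baseline)
    return clean, tampered


if __name__ == "__main__":
    for pam_dir in PAM_DIRS:
        if os.path.isdir(pam_dir):
            print(pam_dir, build_baseline(pam_dir))
    print(demo())
```

On package-managed hosts the same comparison is available from the package manager (`rpm -V pam` on RPM systems, `dpkg --verify` or `debsums` on Debian-based systems), which checks installed files against the vendor's recorded hashes. The caveat that matters for Skidmap specifically is that a kernel-module rootkit can answer file reads with the original content, so the check is only trustworthy when run against the disk from a trusted boot medium rather than from inside the possibly compromised kernel.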
Difficult to Treat Crypto Mining Malware
The analysts have warned that Skidmap is far more complicated to treat than other malware, especially because it uses Linux Kernel Module (LKM) rootkits, which can overwrite and modify components of the operating system kernel. Moreover, it is capable of reinfecting systems that have already been cleaned and restored.
The analysts have suggested that admins can stay safe from the Linux malware by keeping their servers and systems updated and patched. They should also be wary of any unverified or third-party software repositories.
As reported by the cybersecurity company McAfee Lab in August, there was a notable increase in crypto mining attacks using malicious software in the first half of 2019. The report showed a rise in such crypto mining attacks this year, with an overall increase of 29%.