Skidmap, new malware for Linux that uses our computers to mine cryptocurrency

Skidmap, cryptocurrency malware for Linux

Security researchers have identified a new malware targeting computers that run the Linux operating system. It is called Skidmap, and it would be ordinary crypto mining software if it weren't for the fact that it also gives attackers universal access to the infected system via a "secret master password." Trend Micro also states that the malicious software tries to mask its crypto mining work by reporting misleading network traffic and CPU-related statistics.

One of the problems with crypto mining software is its resource consumption. When we talk about "crypto mining", we are talking about software that performs complex mathematical operations to obtain cryptocurrencies, such as the famous Bitcoin (although the researchers have not given details about which currency this malware mines). The attacker's goal is to create a "supercomputer" (adding as many machines as he can) that allows him to perform as many operations as possible and obtain the highest possible number of credits.

Skidmap consumes the resources of the infected computers

Security researchers say that crypto mining is still a real threat and Skidmap is proof of this. Not just because it exists, but because we are facing an evolution of this type of software with greater complexity.

The initial infection occurs via a Linux process called crontab, a standard process that schedules periodic jobs on Unix-like systems. At that point, Skidmap installs multiple malicious binaries, the first of which lowers the security settings of the infected computer so that it can start mining cryptocurrencies unopposed. Other binaries are added to the system to monitor the cryptocurrency miners as they work to generate digital money for the attackers.

According to the researchers, Skidmap is more difficult to remove than other similar software, particularly because it uses Linux Kernel Module (LKM) rootkits, which overwrite or modify parts of the operating system kernel. Furthermore, the malware is designed to re-infect systems that have been cleaned or restored.
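One check a defender can run against LKM rootkits in general, shown here as an added example that is not from the original article or from Trend Micro: list loadable modules that sysfs still exposes but that `/proc/modules` (the source for `lsmod`) does not report. It assumes the rootkit hides from the module list but leaves its sysfs entry, which the article does not specify for Skidmap, so an empty result does not prove a clean host; the sample tree and the name `demo_hidden` are constructed.

```shell
#!/bin/sh
# Added example: report loadable kernel modules visible in a /sys/module-style
# tree but absent from a /proc/modules-style list.
# On a live host: hidden_modules /proc/modules /sys/module

hidden_modules() {
    proc_modules=$1   # file in /proc/modules format: "name size refcnt ..."
    sys_module=$2     # directory laid out like /sys/module
    for dir in "$sys_module"/*/; do
        [ -d "$dir" ] || continue
        # Only loadable modules expose "initstate"; built-in code does not,
        # so built-ins are skipped instead of being reported as hidden.
        [ -e "${dir}initstate" ] || continue
        name=$(basename "$dir")
        # The first field of each /proc/modules line is the module name.
        if ! awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' \
                "$proc_modules"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample (not real data): three loadable modules in sysfs, one of
# which ("demo_hidden", a made-up name) is missing from the module list.
demo() {
    tmp=$(mktemp -d)
    printf 'ext4 1 1 - Live 0x0\nnf_tables 1 0 - Live 0x0\n' > "$tmp/modules"
    for m in ext4 nf_tables demo_hidden; do
        mkdir -p "$tmp/sys/$m"
        echo live > "$tmp/sys/$m/initstate"
    done
    mkdir -p "$tmp/sys/printk/parameters"   # built-in entry: no initstate
    hidden_modules "$tmp/modules" "$tmp/sys"
    rm -rf "$tmp"
}

demo
```

Because a kernel-level rootkit can falsify what the running system reports, a hit from this check is a reason to examine the disk from trusted boot media rather than to clean the host in place.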

As many of you may already be thinking, it is recommended that we always keep our equipment well updated to protect ourselves from this new malware. Additionally, we must only use software from verified sources, including the repositories we use in our distribution.
