Skidmap, the malware that affects Linux and does cryptomining

Trend Micro researchers have discovered a new piece of malware that targets Linux and mines cryptocurrency. In other words, it uses the computing power of the victim's computer to generate virtual currency destined for its authors' wallets. It has been named Skidmap and operates in a rather elaborate way.

Skidmap, the crypto malware on Linux

As can be seen in the summary chart attached below, the infection occurs through crontab, the standard Unix facility for scheduling recurring tasks. Malicious code is then installed that first deactivates some security settings, so that mining can start without the abnormal resource usage being detected. To keep its activity as unnoticed as possible, Skidmap also alters the statistics on CPU usage and network traffic.

The operation of Skidmap, the cryptocurrency malware that affects Linux systems

Finally, the system file pam_unix.so, which handles authentication, is replaced with an altered version, giving the authors of the attack the ability to access the machine as if they were one of the legitimately authorized users.
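A defender can check for the pam_unix.so replacement described above by comparing the file on disk with the checksum recorded by the package manager. The following is an added example, not code from Trend Micro or from the original article; it assumes a Debian-style md5sums manifest, and the file path and contents in the demo are constructed. Because Skidmap tampers with the running system, such a check is best run against a mounted disk image with a manifest from a clean source.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse dpkg-style manifest lines: '<md5hex>  <relative/path>'."""
    manifest = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 32:
            manifest[parts[1].strip()] = parts[0].lower()
    return manifest

def verify(root, manifest, watch_suffix="pam_unix.so"):
    """Return {relative_path: status} for manifest entries ending in watch_suffix."""
    results = {}
    for rel, expected in manifest.items():
        if not rel.endswith(watch_suffix):
            continue
        try:
            with open(os.path.join(root, rel), "rb") as fh:
                # MD5 is used only because that is what the manifest records.
                actual = hashlib.md5(fh.read()).hexdigest()
        except FileNotFoundError:
            results[rel] = "missing"
            continue
        results[rel] = "ok" if actual == expected else "MODIFIED"
    return results

def demo():
    """Constructed sample: a fake root whose 'pam_unix.so' is altered after baselining."""
    rel = "lib/x86_64-linux-gnu/security/pam_unix.so"  # constructed path
    original = b"constructed stand-in for the packaged module"
    manifest = parse_md5sums(f"{hashlib.md5(original).hexdigest()}  {rel}\n")
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path))
        with open(path, "wb") as fh:
            fh.write(original)
        before = verify(root, manifest)
        with open(path, "wb") as fh:
            fh.write(original + b" + altered")  # simulate the replaced module
        after = verify(root, manifest)
    return before[rel], after[rel]

if __name__ == "__main__":
    print(demo())
```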


According to Trend Micro, this elaborate approach makes Skidmap very difficult to eradicate, since the malware is designed to install itself again after removal. The advice for staying safe is to keep systems up to date. At the moment it is not known which cryptocurrency is generated, whether Bitcoin or another.


Michael

My name is Michael, I'm a professional software developer and blogger. I made this website to share my knowledge about everything that you see here 🙂 haha hope you will like that, and do not forget to follow me on my Twitter.
