Trend Micro researchers have discovered a new piece of malware that targets Linux and mines cryptocurrency. In other words, it uses the computing power of the victim's computer to generate virtual currency for its authors' wallets. It has been named Skidmap and operates in a rather elaborate way.
Skidmap, the crypto malware on Linux
As can be seen in the summary chart attached below, the infection occurs through crontab, a standard Unix system process that manages recurring operations. Malicious code is then installed that first deactivates some security settings, so that mining can start without the anomalous use of resources being detected. To keep its activity as unnoticed as possible, Skidmap also alters the statistics on CPU usage and network traffic.
Finally, the system file pam_unix.so, which handles authentication, is replaced with an altered version, giving the authors of the attack the ability to access the machine as if they were one of the legitimately authorized users.
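One way to check for the pam_unix.so replacement described above, as an added example that is not part of the original article or of Trend Micro's report: it compares each pam_unix.so entry in a package checksum manifest with the file on disk. The function name `check_pam_unix`, the Debian-style `md5sums` manifest format and the idea of inspecting a read-only mount of the suspect disk from a trusted system are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article). Assumptions: a Debian-style manifest
# with one "<md5>  <path relative to root>" entry per line, taken from a
# trusted copy of the package, and md5sum(1) available on the checking host.
#
# check_pam_unix ROOT MANIFEST
#   ROOT      filesystem root to inspect, ideally the suspect disk mounted
#             read-only on a trusted machine ("/" inspects the live host)
#   MANIFEST  checksum manifest that lists pam_unix.so
# Returns 0 if every listed pam_unix.so matches, 1 if any copy is modified
# or missing, 2 if the manifest has no pam_unix.so entry at all.
check_pam_unix() {
    root=$1
    manifest=$2
    result=2
    while read -r want rel; do
        case $rel in
            */pam_unix.so) ;;          # only the module the article names
            *) continue ;;
        esac
        if [ "$result" -eq 2 ]; then result=0; fi
        file=$root/$rel
        if [ ! -f "$file" ]; then
            echo "MISSING  $file"
            result=1
            continue
        fi
        have=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK       $file"
        else
            echo "MODIFIED $file (expected $want, found $have)"
            result=1
        fi
    done < "$manifest"
    return "$result"
}

# Run the check when called as: script ROOT MANIFEST
if [ "$#" -eq 2 ]; then
    check_pam_unix "$1" "$2"
fi
```

A manifest stored on the compromised machine can itself have been altered, so a MODIFIED or MISSING result is a reason to investigate, while an OK result from the live host alone proves little.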
According to Trend Micro, this elaborate approach makes Skidmap very difficult to eradicate, since the malware is designed to install itself again after removal. The advice for staying safe is to keep devices up to date. At the moment it is not known which cryptocurrency is generated, whether Bitcoin or another.