Wednesday, April 24, 2024

Linux Malware Skidmap Uses kernel-mode Rootkits to Hide Cryptocurrency Mining Activities

Skidmap is a recent sample of the Linux malware that loads malicious kernel modules to hide it’s Cryptocurrency mining activities by faking network traffic and CPU usage.

The malware not only generates Cryptocurrency, but it also set’s up a secret master password on the infected system, which gives attackers complete system access.

Security researchers from Trend Micro observed the Linux Malware, Skidmap. According to their analysis of the malware, “it loads kernel-mode rootkits are not only more difficult to detect compared to its user-mode counterparts — but attackers can also use them to gain unfettered access to the affected system.”

Linux Malware Skidmap Infection Chain

The malware install’s through crontab, a utility used in Unix-like machines to schedule the job to run at regular time intervals. Upon installation, it downloads multiple binaries to the infected machine which affects the machine’s security settings.

Skidmap also set’s up backdoor access to the machine, besides backdoor, it creates another way also to gain unrestricted access to the system by setting a master password, which let attackers log in the system as any user.

Linux Malware Skidmap
Skidmap Infection Chain Source: Trend Micro

If the binary checks determine the infected system using Debian or RHEL/CentOS, then it drops cryptocurrency miner and additional components depend upon the operating system.

Notable Malicious Components

The Linux malware includes malicious components to evade its malicious activities and ensure they continue to run them in the infected machine.

A fake “rm” binary – Set’s malicious corn job task to download and execute a file.

kaudited – Drops Kernel modules and watchdog component to monitor the cryptocurrency miner file and process.

iproute – Used to hide files and fake network traffic.

netlink – Fakes network-related statistics and CPU-related statistics.

When compared with other malware, Skidmap employes advanced method to remain undetected and creates multiple ways for attacks to connect with the infected machine.

EvilGnome is yet another Linux malware observed recently with the capabilities of creating a backdoor and spying the Linux desktop users.

Indicators of Compromise


You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Phishing Attacks Rise By 58% As The Attackers Leverage AI Tools

AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create...

Multiple MySQL2 Flaw Let Attackers Arbitrary Code Remotely

The widely used MySQL2 has been discovered to have three critical vulnerabilities: remote Code...

CoralRaider Hacker Evade Antivirus Detections Using Malicious LNK File

This campaign is observed to be targeting multiple countries, including the U.S., Nigeria, Germany,...

Spyroid RAT Attacking Android Users to Steal Confidential Data

A new type of Remote Access Trojan (RAT) named Spyroid has been identified.This...

Researchers Uncover that UK.GOV Websites Sending Data to Chinese Ad Vendor Analysts

Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites...

Ransomware Victims Who Opt To Pay Ransom Hits Record Low

Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members...

IBM Nearing Talks to Acquire Cloud-software Provider HashiCorp

IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles