A cybersecurity research team from Trend Micro has found a Linux malware strain known as Skidmap that illegally mines cryptocurrency. The same strain can also give cyber criminals broad access to any infected system.
One of the red flags of illicit crypto mining is excessive CPU usage, but Skidmap cannot be traced this way. The malware employs a self-defense mechanism to conceal its activities: it masks its illegal crypto mining by generating large amounts of network traffic and other processor-related data.
According to the research team, Skidmap is a clear demonstration of how sophisticated illicit crypto mining has become.
How does this illegal crypto mining malware work?
The first thing Skidmap checks before installing the miners is which Linux OS the machine is running. This lets it build a security-crippling binary that is compatible with the operating system on that computer.
The infection arrives through the mechanism that schedules timed jobs on a Unix-like system. It then installs a malicious binary that cripples the hacked machine's security settings so that it can mine without any hurdles.
It then adds more binaries to the machine, which monitor the miners as they generate cryptocurrency.
Unlike other malware, Skidmap is hard to remove because it uses Linux kernel module rootkits, which can overwrite parts of the operating system under attack. Additionally, the malware is built so that it targets machines that have previously been infected by other viruses.
To protect against a Skidmap attack, the Trend Micro team advised administrators to keep their systems updated and patched. The team also recommended that admins not grant high-level access to programs on their machines, but instead enforce the "principle of least privilege." This helps prevent malware from gaining access to essential system processes.
The research team did not mention which currencies this malware mines. We will have to wait for updates on which cryptocurrencies the malware can generate.