A new Linux malware that keeps its cryptocurrency mining operations hidden was discovered by two threat analysts.
Augusto Remillano II and Jakub Urbanec on September 16th revealed in a post on Trend Micro, a security intelligence blog, that they found new Linux malware. The analysts say this malware is notable because of the way it loads malicious kernel modules to hide its cryptocurrency mining operations.
The analysts revealed that Skidmap masks its cryptocurrency mining by utilizing a rootkit, which is a program that installs and executes code on a system without end user consent or knowledge. This makes its malware components undetectable by the infected system’s monitoring tools.
Apart from running a cryptojacking campaign on the infected machine, the malware reportedly gives attackers “unfettered access” to the affected system. The analysts said:
“Skidmap also sets up a way to gain backdoor access to the machine, and also replaces the system’s pam_unix.so file with its own malicious version. This malicious file accepts a specific password for any users, thus allowing the attackers to log in as any user in the machine.”
Cryptojacking is a term for stealth crypto mining attacks which works by gaining access to a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.