Two threat analysts recently stumbled upon new Linux malware that keeps its cryptocurrency mining operations hidden.
On Sept. 16, Augusto Remillano II and Jakub Urbanec revealed in a post on Trend Micro, a security intelligence blog, that they found new Linux malware. According to the analysts, this malware is particularly notable because of the way it loads malicious kernel modules to hide its cryptocurrency mining operations.
Malware provides hackers full access to infected machine
The analysts revealed that Skidmap masks its cryptocurrency mining by utilizing a rootkit, which is a program that installs and executes code on a system without end user consent or knowledge. This makes its malware components undetectable by the infected system’s monitoring tools.
Besides running a cryptojacking campaign on the infected machine, the malware reportedly gives attackers “unfettered access” to the affected system. The analysts add:
“Skidmap also sets up a way to gain backdoor access to the machine, and also replaces the system’s pam_unix.so file with its own malicious version. This malicious file accepts a specific password for any users, thus allowing the attackers to log in as any user in the machine.”
Cryptojacking campaigns up by 29%
Cryptojacking is an industry term for stealth crypto mining attacks which work by installing malware or otherwise gaining access to a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.
In August, cybersecurity company McAfee Labs released a threat report, in which it noted an increase in cryptojacking campaigns and ransomware attacks in Q1 2019. According to the report, cryptojacking has been on the rise, with a 29% increase in cryptojacking campaigns.