Safety And Security

Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload

Trend Micro

Skidmap, a Linux malware that we recently stumbled upon, demonstrates the increasing complexity of recent cryptocurrency-mining threats. This malware is notable because of the way it loads malicious kernel modules to keep its cryptocurrency mining operations under the radar.

These kernel-mode rootkits are not only more difficult to detect compared to its user-mode counterparts — attackers can also use them to gain unfettered access to the affected system. A case in point: the way Skidmap can also set up a secret master password that gives it access to any user account in the system. Conversely, given that many of Skidmap’s routines require root access, the attack vector that Skidmap uses — whether through exploits, misconfigurations, or exposure to the internet — are most likely the same ones that provide the attacker root or administrative access to the system.

The post Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload appeared first on .

Multimedia
All Other Multimedia:
image/jpeg iconMalware-200x125_13.jpg (4.01 KB)

Language:
English

read more