Recently, two threat analysts found a new Linux malware that hides its cryptocurrency mining operations on the affected computers.
In a publication made on September 16 on Trend Micro's security intelligence blog, Augusto Remillano II and Jakub Urbanec reported the discovery of this new malware, which affects the Linux operating system. According to both analysts, this malware is notable for the way it loads malicious kernel modules to hide its cryptocurrency mining operations.
This malware, called Skidmap, masks its cryptocurrency mining through a rootkit, which is a program that installs and executes code on a system without the end user's knowledge or consent. In this way, the malware's components cannot be detected by the infected system's monitoring tools.
Skidmap not only executes a cryptojacking campaign on the infected machine, but also gives attackers unrestricted access to the affected system.
According to Remillano II and Urbanec, Skidmap also sets up a backdoor into the machine by replacing the system's pam_unix.so file with its own malicious version. This malicious file accepts a specific password for any user, which allows attackers to log in as any user on the infected machine.
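Two checks a defender can run against the behaviour described above, as an added example that is not from the article or from Trend Micro: comparing the installed pam_unix.so against a hash baseline recorded from a known-good system, and listing loaded kernel modules that carry no distribution signature. The pam_unix.so search paths and the assumption that the distribution signs its own modules are assumptions; adjust them for the host.

```shell
#!/bin/sh
# Added example, not code from the article or from Trend Micro.
# Assumes a baseline file with "<sha256>  <path>" lines (sha256sum format)
# recorded from a known-good host of the same distribution and version.

# check_pam_unix BASELINE_FILE [PAM_PATH]
# Returns 0 if pam_unix.so matches the baseline, 1 if it differs or is missing.
check_pam_unix() {
    baseline="$1"
    pam="${2:-$(find /lib /lib64 /usr/lib /usr/lib64 -name pam_unix.so 2>/dev/null | head -n 1)}"
    [ -f "$pam" ] || { echo "ALERT: pam_unix.so not found"; return 1; }
    # Look up the expected hash for exactly this path in the baseline.
    expected=$(awk -v p="$pam" '$2 == p { print $1 }' "$baseline")
    actual=$(sha256sum "$pam" | awk '{ print $1 }')
    if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
        echo "OK: $pam matches baseline"
        return 0
    fi
    echo "ALERT: $pam differs from baseline (expected=${expected:-none}, actual=$actual)"
    return 1
}

# list_unsigned_modules
# Prints loaded kernel modules for which modinfo reports no signer field.
# On distributions that sign all of their own modules, any hit is worth
# investigating as a possible out-of-tree or malicious module.
list_unsigned_modules() {
    lsmod | awk 'NR > 1 { print $1 }' | while read -r mod; do
        signer=$(modinfo -F signer "$mod" 2>/dev/null)
        [ -z "$signer" ] && echo "UNSIGNED: $mod"
    done
    return 0
}

# Usage when run directly: check_pam_unix /var/lib/baseline/pam.sha256; list_unsigned_modules
```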
It should be noted that cryptojacking campaigns and ransomware attacks have been increasing during the current year. According to a threat report published in August by cybersecurity company McAfee Labs, cryptojacking campaigns have increased by up to 29%.