In a surprising turn of events, a pair of threat analysts have discovered a new Linux malware that keeps its cryptocurrency mining activity hidden from view. The findings were published in a post on a security intelligence blog by Augusto Remillano II and Jakub Urbanec.
Skidmap Makes Use of Rootkit for System Attacks
According to the blog post, this particular malware, Skidmap, loads malicious kernel modules to conceal its illicit cryptocurrency mining. Skidmap hides its mining activity by means of a rootkit, a program that installs itself and executes code without the user's consent or approval. Because nothing is authorized by the user, the malware's components leave no trace for the system's monitoring tools, and rootkits of this kind are much harder to detect on an infected system.
Besides running a cryptojacking program on the infected device, Skidmap also gives its attackers “unfettered access” to the system. It establishes backdoor entry by replacing the device’s pam_unix.so file with a malicious version. The replacement accepts a specific password for any user, so the attackers can log in as any user on the machine.
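Two defender-side checks that follow from the behaviour described above, written as an added example that is not from the original article or from the researchers' post: verifying the installed pam_unix.so against a hash taken from the distribution's package data, and comparing the loaded kernel module list against a baseline recorded from a clean host. The hash, the module names and the /proc/modules text below are constructed for the example.

```python
import hashlib
from pathlib import Path

# Constructed sample of /proc/modules text for this example (fields: name, size,
# use count, dependencies, state, load address).
SAMPLE_PROC_MODULES = """\
ext4 737280 2 - Live 0x0000000000000000
xfs 1232896 0 - Live 0x0000000000000000
unknown_mod 16384 0 - Live 0x0000000000000000
"""

# Constructed baseline of module names recorded from a known-clean host of the
# same build; in practice, capture this before any incident.
BASELINE_MODULES = {"ext4", "xfs"}


def sha256_of(path):
    """Return the hex SHA-256 of a file, or None if it does not exist."""
    p = Path(path)
    if not p.is_file():
        return None
    return hashlib.sha256(p.read_bytes()).hexdigest()


def verify_pam_module(path, expected_sha256):
    """Compare an installed PAM module with a known-good hash.

    Returns 'ok', 'modified' or 'missing'. The expected hash must come from
    the distribution package data (e.g. the rpm/dpkg manifest), not from the
    possibly tampered host itself.
    """
    actual = sha256_of(path)
    if actual is None:
        return "missing"
    return "ok" if actual == expected_sha256 else "modified"


def parse_proc_modules(text):
    """Extract loaded module names from /proc/modules-formatted text."""
    return {line.split()[0] for line in text.splitlines() if line.split()}


def unexpected_modules(proc_modules_text, baseline):
    """Return loaded module names absent from the clean-system baseline."""
    return parse_proc_modules(proc_modules_text) - set(baseline)


if __name__ == "__main__":
    print(sorted(unexpected_modules(SAMPLE_PROC_MODULES, BASELINE_MODULES)))  # ['unknown_mod']
```

On a live host, replace SAMPLE_PROC_MODULES with the contents of /proc/modules and obtain the expected hash from package verification data rather than from the host being checked.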
Reported Surge in Cryptojacking Campaigns
McAfee Labs reported in its threat report that cryptojacking campaigns and ransomware attacks surged sharply in the first quarter of 2019, with cryptojacking attacks up 29% worldwide. Cryptojacking refers to crypto-mining attacks that install malware on devices or otherwise hijack a system’s processing power for unauthorized cryptocurrency mining, a plague that is fast becoming a menace for the crypto community.