- A rootkit is being used by Skidmap to hide its cryptocurrency mining activities.
- Cryptojacking campaigns and ransomware attacks have increased by 29% in Q1 2019.
Augusto Remillano II and Jakub Urbanec recently announced in a Trend Micro post that they have come across new Linux malware. The analysts reported in the security intelligence blog that the malware loads malicious kernel modules to hide its cryptocurrency mining operations.
According to the analysts, a rootkit is being used by Skidmap to hide its cryptocurrency mining activities. It is a program that installs and executes code on a system without end-user consent or knowledge. This makes its malware components undetectable by the infected system’s monitoring tools. Apart from conducting a cryptojacking campaign, the malware reportedly provides attackers with “unfettered access” to the affected system. The analysts said:
“Skidmap also sets up a way to gain backdoor access to the machine and also replaces the system’s pam_unix.so file with its own malicious version. This malicious file accepts a specific password for any users, thus allowing the attackers to log in as any user in the machine.”
Cryptojacking is an industry term given to crypto-mining attacks that are carried out by installing malware to infect a computer. The malware is used to acquire access to a computer’s processing power for mining cryptocurrencies without letting the owner know. McAfee Labs, a cybersecurity company, released a threat report in August. The company pointed out a rise in cryptojacking campaigns and ransomware attacks in Q1 2019. According to the report, cryptojacking campaigns have increased by 29%.