New Linux Malware Mines Cryptos By Using Backdoor: Latest TrendMicro Research
For a long time, Linux users enjoyed being free of most malware. Unfortunately, malware targeting them has been appearing more often lately. The latest threat, discovered by TrendMicro, is called Skidmap.
According to the researchers, this Linux malware mines cryptocurrency without the user's knowledge, gives its operators access through a secret master password, and masks its mining activity with fake network traffic. Since high CPU usage is the first red flag of cryptojacking (someone remotely using your computer to mine tokens), the malware employs several tactics to hide it.
Skidmap was said to be a very complex malware, which showcases how these threats are becoming increasingly complex as time passes. Unfortunately, it was not revealed what kind of token was mined by the program.
Initially, the malware installs several malicious files and binaries and then it infects the machine in a way that starts to mine cryptos. A backdoor is also installed to let the operators have more control over the infected computer.
One of the ways the attackers keep control over the machine is by replacing the pam_unix.so file with a trojanized copy. This lets the criminals log in to the computer whenever they want. Other binaries are used to monitor the illicit mining in real time and to tune it for greater profit.
It was also revealed that this malware is considered harder to remove than most, especially because it uses kernel module rootkits that modify parts of the operating system kernel in order to operate. Because of this, it can even reinfect machines that have already been cleaned.
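One defensive check a Linux administrator can run against the pam_unix.so swap described above is to re-verify PAM's files against the checksums the package manager recorded at install time. The following is an added example (not TrendMicro's or Skidmap's code) that parses the Debian/Ubuntu dpkg `.md5sums` record format and reports files whose on-disk hash no longer matches; the path `/lib/x86_64-linux-gnu/security/pam_unix.so` and the sample file contents are assumed for the demonstration.

```python
"""Re-verify PAM module files against the package manager's recorded checksums.
dpkg .md5sums lines look like "<md5hex>  <path without leading slash>"."""
import hashlib
import os
import tempfile
from typing import Dict, List

# Assumed install path of pam_unix.so on Debian-family systems (not from the article).
PAM_UNIX = "/lib/x86_64-linux-gnu/security/pam_unix.so"


def parse_md5sums(text: str) -> Dict[str, str]:
    """Parse dpkg md5sums content into {absolute path: expected md5 hex digest}."""
    expected: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, _, rel = line.partition("  ")   # two spaces separate digest and path
        expected["/" + rel.strip()] = digest.lower()
    return expected


def md5_of(path: str) -> str:
    """Stream a file through MD5 (the digest dpkg records; used only for comparison)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(expected: Dict[str, str], root: str = "") -> List[str]:
    """Return paths that are missing or whose hash differs from the recorded one.
    Pass root="/mnt/disk" to check a mounted image from a trusted system, since a
    kernel rootkit on the live host could hide the replaced file from this check."""
    findings: List[str] = []
    for path, digest in expected.items():
        full = os.path.join(root, path.lstrip("/")) if root else path
        if not os.path.isfile(full):
            findings.append(path + " (missing)")
        elif md5_of(full) != digest:
            findings.append(path + " (modified)")
    return findings


def demo() -> List[str]:
    """Constructed scenario: record a clean pam_unix.so, then swap in a different file."""
    root = tempfile.mkdtemp()
    full = os.path.join(root, PAM_UNIX.lstrip("/"))
    os.makedirs(os.path.dirname(full))
    with open(full, "wb") as f:
        f.write(b"clean pam_unix.so bytes (constructed)")
    record = f"{md5_of(full)}  {PAM_UNIX.lstrip('/')}\n"   # what dpkg would have stored
    with open(full, "wb") as f:
        f.write(b"replacement module bytes (constructed)")
    return verify(parse_md5sums(record), root)
```

On a real Debian-family host the record lives under `/var/lib/dpkg/info/` (for example `libpam-modules:amd64.md5sums`), and `dpkg -V libpam-modules` performs the same comparison.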
TrendMicro advises that people keep their servers updated and patched to avoid this kind of malware, and that they exercise care before installing third-party programs.