New Linux Malware Mines Crypto While Remaining Undetectable

Published at: Sept. 16, 2019

Two threat analysts recently stumbled upon new Linux malware that keeps its cryptocurrency mining operations hidden.

On Sept. 16, Augusto Remillano II and Jakub Urbanec revealed in a post on Trend Micro, a security intelligence blog, that they found new Linux malware. According to the analysts, this malware is particularly notable because of the way it loads malicious kernel modules to hide its cryptocurrency mining operations.

Malware provides hackers full access to infected machine

The analysts revealed that the malware, Skidmap, masks its cryptocurrency mining by using a rootkit, which is a program that installs and executes code on a system without the end user's consent or knowledge. This makes its malware components undetectable by the infected system’s monitoring tools.

Besides running a cryptojacking campaign on the infected machine, the malware reportedly gives attackers “unfettered access” to the affected system. The analysts add:

“Skidmap also sets up a way to gain backdoor access to the machine, and also replaces the system’s pam_unix.so file with its own malicious version. This malicious file accepts a specific password for any users, thus allowing the attackers to log in as any user in the machine.”
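A defender's check for the pam_unix.so replacement described in the quote, as an added example that is not code from the analysts or from Trend Micro: it compares every pam_unix.so under a mounted filesystem root with the MD5 that dpkg recorded at install time. It assumes a Debian-family layout (`var/lib/dpkg/info/*.md5sums`; RPM-based systems keep file digests in the RPM database instead), and the function names and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

PAM_REL = "lib/x86_64-linux-gnu/security/pam_unix.so"  # assumed amd64 Debian path

def recorded_md5sums(root: Path) -> dict:
    """Collect 'relative path -> MD5' from dpkg's *.md5sums files under root."""
    recorded = {}
    for listing in sorted((root / "var/lib/dpkg/info").glob("*.md5sums")):
        for line in listing.read_text(errors="replace").splitlines():
            digest, _, rel_path = line.partition("  ")  # "<md5>  <path>"
            if rel_path:
                recorded[rel_path] = digest.lower()
    return recorded

def check_pam_unix(root: Path) -> list:
    """Return (relative path, verdict) for every pam_unix.so file under root."""
    recorded = recorded_md5sums(root)
    results = []
    for found in sorted(p for p in root.rglob("pam_unix.so") if p.is_file()):
        rel = found.relative_to(root).as_posix()
        actual = hashlib.md5(found.read_bytes(), usedforsecurity=False).hexdigest()
        # Merged-/usr systems keep the file under usr/lib but may record lib/...
        expected = recorded.get(rel) or recorded.get(rel.removeprefix("usr/"))
        if expected is None:
            verdict = "UNTRACKED"   # no installed package claims this copy
        elif expected == actual:
            verdict = "OK"
        else:
            verdict = "MODIFIED"    # content differs from what dpkg installed
        results.append((rel, verdict))
    return results

def build_demo_root(tmp: Path, replaced: bool) -> Path:
    """Constructed sample tree standing in for a mounted disk image."""
    original = b"constructed stand-in for the packaged pam_unix.so"
    module = tmp / PAM_REL
    info = tmp / "var/lib/dpkg/info"
    for directory in (module.parent, info):
        directory.mkdir(parents=True)
    digest = hashlib.md5(original, usedforsecurity=False).hexdigest()
    (info / "libpam-modules:amd64.md5sums").write_text(f"{digest}  {PAM_REL}\n")
    module.write_bytes(b"constructed replacement" if replaced else original)
    return tmp

if __name__ == "__main__":
    for replaced in (False, True):
        with tempfile.TemporaryDirectory() as d:
            print(check_pam_unix(build_demo_root(Path(d), replaced)))
```

Run it against a disk image mounted read-only on a clean analysis host rather than on the suspect machine, since the rootkit hides its components from the infected system's own tools. The dpkg records live on the same disk and can be altered by anyone with root, so a MODIFIED or UNTRACKED verdict is a strong signal, while an OK verdict should still be confirmed against a freshly downloaded package.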

Cryptojacking campaigns up by 29%

Cryptojacking is an industry term for stealth crypto mining attacks that work by installing malware or otherwise gaining access to a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

In August, cybersecurity company McAfee Labs released a threat report, in which it noted an increase in cryptojacking campaigns and ransomware attacks in Q1 2019. According to the report, cryptojacking has been on the rise, with a 29% increase in cryptojacking campaigns.
