Skidmap malware buries into the kernel to hide illicit cryptocurrency mining

September 17, 2019
in Internet Security

A form of malware discovered by researchers uses rootkits to bury itself, undetected, in Linux systems for the purpose of cryptocurrency mining.

On Monday, threat analysts Augusto Remillano and Jakub Urbanec from Trend Micro said the Linux malware, dubbed Skidmap, is loaded with kernel-mode rootkits designed to obfuscate its presence on an infected system as well as provide attackers with limitless access to the machine’s resources. 

Once a vulnerable Linux system has been found, Skidmap installs itself via crontab, the time-based job scheduler.

An installation script downloads the main Trojan payload, which then sets Security-Enhanced Linux (SELinux) to a 'permissive' state, lowering the overall security level of the machine.

“If the system has the /etc/selinux/config file, it will write these commands into the file: SELINUX=disabled and SELINUXTYPE=targeted commands,” Trend Micro says. “The former disables the SELinux policy (or disallows one to be loaded), while the latter sets selected processes to run in confined domains.”

A backdoor is then created by adding its operator’s public key to the authorized_keys file on a Linux system. 
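Two of the host-level changes described above, the edited /etc/selinux/config and the extra entry in authorized_keys, are easy to check for. The following is an added example, not code from the article or from Trend Micro's report; it assumes the file contents are handed in as text and that the operator keeps an allowlist of SHA256 fingerprints for keys that belong on the host. The sample inputs are constructed.

```python
import base64
import hashlib
from typing import Dict, List, Set

# Constructed sample inputs (not taken from the report); the key blobs are
# syntactically valid base64 but are not real keys.
SAMPLE_SELINUX_CONFIG = "# This file controls the state of SELinux\nSELINUX=disabled\nSELINUXTYPE=targeted\n"
SAMPLE_AUTHORIZED_KEYS = (
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmz admin@corp\n"
    "no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDc unknown-operator\n"
)


def parse_selinux_config(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines from /etc/selinux/config, skipping comments and blanks."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings


def selinux_findings(text: str) -> List[str]:
    """Flag the change the article describes: SELinux no longer enforcing policy."""
    mode = parse_selinux_config(text).get("SELINUX", "enforcing").lower()
    return [f"SELINUX={mode}: policy not enforced"] if mode in ("disabled", "permissive") else []


def key_fingerprint(key_line: str) -> str:
    """SHA256 fingerprint of one OpenSSH public key line, in `ssh-keygen -l` format."""
    parts = key_line.split()
    for i, field in enumerate(parts[:-1]):  # leading options such as no-pty are skipped
        if field.startswith(("ssh-", "ecdsa-", "sk-")):
            blob = base64.b64decode(parts[i + 1])
            digest = base64.b64encode(hashlib.sha256(blob).digest()).rstrip(b"=")
            return "SHA256:" + digest.decode()
    raise ValueError("not an OpenSSH public key line")


def unexpected_keys(authorized_keys: str, allowlist: Set[str]) -> List[str]:
    """Fingerprints present in authorized_keys that are not on the operator's allowlist."""
    lines = [l for l in authorized_keys.splitlines() if l.strip() and not l.startswith("#")]
    return [fp for fp in map(key_fingerprint, lines) if fp not in allowlist]


if __name__ == "__main__":
    print(selinux_findings(SAMPLE_SELINUX_CONFIG))
    known = {key_fingerprint(SAMPLE_AUTHORIZED_KEYS.splitlines()[0])}
    print(unexpected_keys(SAMPLE_AUTHORIZED_KEYS, known))
```

On a live host the text would come from reading /etc/selinux/config and each user's ~/.ssh/authorized_keys; because Skidmap's rootkit can hide files from the infected kernel, reading them from a clean boot or a mounted disk image is more reliable than reading them in place.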

A module used for Unix authentication is also replaced with a malicious version that accepts a specific 'master' password for any user registered on the compromised machine. Attackers can then masquerade as any user they choose, at any level of privilege.

The cryptocurrency mining component of Skidmap will drop either as standalone software or as an encrypted .tar.gz file depending on whether the target machine is Debian or RHEL/CentOS. 

One of the most interesting features of this malware is its handling of the kernel. Many of Skidmap's routines require root access, and so kernel-mode rootkits are used to provide the access required — as well as to make sure infections and mining activity are more difficult to detect.

A file installed as /usr/bin/kaudited will drop and install loadable kernel modules (LKMs), and different modules are used depending on the kernel to make sure an infected machine won’t crash when tampered with. 

In particular, one rootkit will fake network traffic and CPU-related statistics to make it appear that the machine is clean. This will include the creation of sham traffic involving particular ports, IP addresses, CPU loads and processes. 

A CPU under heavy load is a well-known indicator of cryptocurrency mining, because solving the mathematical puzzles required to secure digital coins generally demands sustained processing power. In Skidmap's case, the reported statistics are faked so that CPU usage always appears low.

In addition, the malware is equipped with modules able to monitor cryptocurrency mining processes, hide specific files, and set up malicious cron jobs for executing other malicious files. 

The use of rootkits is an interesting development in the world of Linux-based cryptocurrency mining. Another recently-discovered Trojan sample, called InnfiRAT, was found to contain functionality specifically designed for the theft of cryptocurrency-related wallet credentials on infected machines.

Credit: Zdnet