Experts Comments Linux Malware (Skidmap) Illicit Cryptocurrency Mining

As part of our experts’ comment series, please find below comments from security experts on Linux malware (Skidmap) disguising itself on infected machines for the purpose of unlawful cryptocurrency mining,  

Experts Comments

September 25, 2019
Dr. Muhammad Malik
Editor-in-Chief
Information Security Buzz
Cryptocurrency mining malware is still a prevalent threat in 2019 and Cybercriminals are devising new ways to make a profit from these malware. The Skidmap is one of the recent examples, which hides inside the kernel to hide illicit cryptocurrency mining. This new kernel-mode is much more difficult to detect compared to its previous user-mode counterparts which show malware are getting smarter day by day. The main steps in Skidmap infection chain are: 1) Installation via crontab, 2) Download .....Read More
Cryptocurrency mining malware is still a prevalent threat in 2019 and Cybercriminals are devising new ways to make a profit from these malware. The Skidmap is one of the recent examples, which hides inside the kernel to hide illicit cryptocurrency mining. This new kernel-mode is much more difficult to detect compared to its previous user-mode counterparts which show malware are getting smarter day by day. The main steps in Skidmap infection chain are: 1) Installation via crontab, 2) Download and Execute main library, 3) Disable or change SELinux policy, 4) Open up backdoor access, 5) Check the infected system: Debian or EHEL/Centos and finally 6) Download and execute cryptocurrency miner and other malicious components. It is important to understand the character of a particular malware family and it’s Indicator of compromise. A CPU high utility is a well-known indicator of crypto mining but in Skidmap’s case, the traffic information is faked to make CPU usage always appear low. It is important to keep applications and operation systems patched to the latest level and search for existing signs of the indicated Skidmap's IoCs in your environment and block all URL and IP based IoCs at the perimeter gateway.  Read Less
September 18, 2019
Casey Ellis
CTO and Founder
Bugcrowd
The sheer amount of work put into commodity malware that targets Linux is what I find interesting about Skidmap. This is a very thoughtful set of obfuscations and concealments more typical of "spray-and-pray" cryptominers targeting Windows or Mac operating systems - or of more customized, targeted Linux malware that’s unlikely to be a part of a campaign like this one. Over the last several months, we’ve seen more evidence that suggests that attackers are continuing to increase their focus.....Read More
The sheer amount of work put into commodity malware that targets Linux is what I find interesting about Skidmap. This is a very thoughtful set of obfuscations and concealments more typical of "spray-and-pray" cryptominers targeting Windows or Mac operating systems - or of more customized, targeted Linux malware that’s unlikely to be a part of a campaign like this one. Over the last several months, we’ve seen more evidence that suggests that attackers are continuing to increase their focus on Linux as a vehicle to obtain access to compute and bandwidth resources.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts