Expert Comments

Experts Comments Linux Malware (Skidmap) Illicit Cryptocurrency Mining

Expert(s): Security Experts
Expert(s): Security Experts

As part of our experts’ comment series, please find below comments from security experts on Linux malware (Skidmap) disguising itself on infected machines for the purpose of unlawful cryptocurrency mining,  

Experts Comments

September 25, 2019
Dr. Muhammad Malik
Editor-in-Chief
Information Security Buzz
Cryptocurrency mining malware is still a prevalent threat in 2019 and Cybercriminals are devising new ways to make a profit from these malware. The Skidmap is one of the recent examples, which hides inside the kernel to hide illicit cryptocurrency mining. This new kernel-mode is much more difficult to detect compared to its previous user-mode counterparts which show malware are getting smarter day by day. The main steps in Skidmap infection chain are: 1) Installation via crontab, 2) Download .....Read More
Cryptocurrency mining malware is still a prevalent threat in 2019 and Cybercriminals are devising new ways to make a profit from these malware. The Skidmap is one of the recent examples, which hides inside the kernel to hide illicit cryptocurrency mining. This new kernel-mode is much more difficult to detect compared to its previous user-mode counterparts which show malware are getting smarter day by day. The main steps in Skidmap infection chain are: 1) Installation via crontab, 2) Download and Execute main library, 3) Disable or change SELinux policy, 4) Open up backdoor access, 5) Check the infected system: Debian or EHEL/Centos and finally 6) Download and execute cryptocurrency miner and other malicious components. It is important to understand the character of a particular malware family and it’s Indicator of compromise. A CPU high utility is a well-known indicator of crypto mining but in Skidmap’s case, the traffic information is faked to make CPU usage always appear low. It is important to keep applications and operation systems patched to the latest level and search for existing signs of the indicated Skidmap's IoCs in your environment and block all URL and IP based IoCs at the perimeter gateway.  Read Less
September 18, 2019
Casey Ellis
CTO and Founder
Bugcrowd
The sheer amount of work put into commodity malware that targets Linux is what I find interesting about Skidmap. This is a very thoughtful set of obfuscations and concealments more typical of "spray-and-pray" cryptominers targeting Windows or Mac operating systems - or of more customized, targeted Linux malware that’s unlikely to be a part of a campaign like this one. Over the last several months, we’ve seen more evidence that suggests that attackers are continuing to increase their focus.....Read More
The sheer amount of work put into commodity malware that targets Linux is what I find interesting about Skidmap. This is a very thoughtful set of obfuscations and concealments more typical of "spray-and-pray" cryptominers targeting Windows or Mac operating systems - or of more customized, targeted Linux malware that’s unlikely to be a part of a campaign like this one. Over the last several months, we’ve seen more evidence that suggests that attackers are continuing to increase their focus on Linux as a vehicle to obtain access to compute and bandwidth resources.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

The Changing Face Of The COO Role

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

How The Zelle Fraud Scam Steals Your Bank Credentials

GoDaddy Data Breach Impacts Over A Million Users, Experts Reactions

Utah Imaging Data Breach – Expert Comments

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts