
Skidmap

Posted: September 17, 2019

Skidmap is a cryptocurrency-mining Trojan that includes additional backdoor and anti-security features. It targets Linux machines, with some of its components imitating Linux-specific system resources, and covers up the visual evidence of its network activities. Use compatible anti-malware programs for removing Skidmap preemptively, if possible, or as soon as reasonable after infection, due to its potential for damaging the hardware.

Mapping the Behavior of a Rootkit-Cum-Miner Trojan

The triple threat of a Trojan with rootkit features, backdoor controllability, and a mining-oriented payload is targeting unknown users working on Linux systems. Although Skidmap's payload has an evident for-profit motivation, many of the ways it accomplishes these attacks are creatively defensive. Most meaningfully, it even includes properties that could let the threat actor reinstall it without trouble if disinfection isn't comprehensive.

Skidmap runs the same cryptocurrency-mining operations as the campaigns of the multi-OS WatchBog, CoinMiner or the Vnlgp Miner. These attacks hijack system resources such as the GPU and run concealed in-memory processes that mine coins for the threat actor's wallet. Depending on the setup, Skidmap could run this feature continuously – even to the point of causing overheating and hardware disruption – or pause it to prevent users from noticing the interruption to their experience.

Malware analysts find Skidmap's other components much more unusual, however. Through loadable kernel modules (LKMs) and other components, the Trojan can:

  • Let an attacker log in to any account with a custom password (without needing the account's own credentials).
  • Include a kernel-modifying rootkit, Netlink, that can fake 'ordinary' network traffic statistics, thus defeating packet sniffers and similar tools.
  • Download and launch files through a fake 'rm' component.

These features extend a hacker's control over infected Linux machines, letting them infect the rest of a network, collect local information or install different threats.

Keeping Your Computer from Skidding Out of Control

While malware analysts don't see any Skidmap attacks on Windows, its Linux support is reasonably in-depth. It includes flexible support for both CentOS and Debian builds of Linux and has environment-appropriate disguises for many of its files. It also can deactivate SELinux, which enforces critical security policies and mandatory access controls (MAC).
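The three behaviours just described (a fake 'rm' component, an unexpected kernel module, and SELinux being switched off) each leave a trace that a defender can check against a host's own package database and module list. The following script is an added example, not code from the original page or from any vendor tool: it parses the text output of standard Linux commands (getenforce, lsmod, rpm -V or dpkg --verify) so that a captured snapshot can be triaged offline. The sample outputs, the module name unknown_lkm, the BASELINE_MODULES set and the WATCHED_BINARIES set are all constructed or hypothetical and not indicators published for Skidmap; the function names are this example's own.

```python
"""Offline triage helpers for the Skidmap behaviours described above.

Added example (not code from the original page or from any vendor tool).
Each check parses the text output of a standard Linux command so that the
indicators can be evaluated on a captured snapshot; the sample outputs below
are constructed for illustration, not captured from a real infection.
"""
import subprocess

# Modules expected on the host being triaged (a hypothetical baseline; in
# practice this comes from a known-good image of the same CentOS/Debian build).
BASELINE_MODULES = {"xt_conntrack", "nf_nat", "nf_conntrack"}

# Paths whose replacement would match the "fake rm" behaviour (hypothetical list).
WATCHED_BINARIES = {"/bin/rm", "/usr/bin/rm"}

# --- constructed sample command outputs ----------------------------------
SAMPLE_GETENFORCE = "Permissive\n"           # as printed by `getenforce`

SAMPLE_LSMOD = """Module                  Size  Used by
unknown_lkm            20480  0
xt_conntrack           16384  1
nf_nat                 45056  1
"""                                           # `lsmod`; unknown_lkm is a made-up name

SAMPLE_RPM_VERIFY = """S.5....T.    /usr/bin/rm
.......T.  c /etc/profile
"""                                           # `rpm -V coreutils` on a CentOS host

SAMPLE_DPKG_VERIFY = """??5?????? c /bin/rm
"""                                           # `dpkg --verify coreutils` on Debian


def selinux_not_enforcing(getenforce_output: str) -> bool:
    """True when SELinux is Permissive or Disabled (the page notes Skidmap turns it off)."""
    return getenforce_output.strip().lower() != "enforcing"


def unexpected_modules(lsmod_output: str, baseline: set) -> list:
    """Return loaded module names that are not in the known-good baseline."""
    names = set()
    for line in lsmod_output.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Module":   # skip blanks and the header row
            continue
        names.add(fields[0])
    return sorted(names - baseline)


def modified_binaries(verify_output: str, watched: set) -> list:
    """Parse `rpm -V` or `dpkg --verify` lines and flag watched paths whose
    on-disk digest differs from the package database.

    Both tools print a 9-character status string; position 3 (index 2) is '5'
    when the digest check failed, and the file path is the last field.
    """
    hits = []
    for line in verify_output.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        flags, path = fields[0], fields[-1]
        if len(flags) >= 3 and flags[2] == "5" and path in watched:
            hits.append(path)
    return hits


def triage(getenforce_output: str, lsmod_output: str, verify_output: str) -> dict:
    """Combine the three checks into one findings dictionary."""
    return {
        "selinux_not_enforcing": selinux_not_enforcing(getenforce_output),
        "unexpected_modules": unexpected_modules(lsmod_output, BASELINE_MODULES),
        "modified_binaries": modified_binaries(verify_output, WATCHED_BINARIES),
    }


def capture(cmd: list) -> str:
    """Run a command and return its stdout ('' if the tool is not installed)."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return ""


if __name__ == "__main__":
    # Offline run over the constructed samples.
    print("sample findings:", triage(SAMPLE_GETENFORCE, SAMPLE_LSMOD, SAMPLE_RPM_VERIFY))
    # Live run on the current host (CentOS/RHEL shown; use `dpkg --verify coreutils` on Debian).
    print("live findings:", triage(capture(["getenforce"]),
                                   capture(["lsmod"]),
                                   capture(["rpm", "-V", "coreutils"])))
```

A digest mismatch on a core utility, a module absent from the baseline, or SELinux not enforcing is each only a lead, not proof of Skidmap; the point of parsing captured text rather than querying the live kernel is that a rootkit which lies to lsmod or to the network stack cannot also rewrite an rpm or dpkg database copied from a known-good image of the same build, so the comparison should be made against that copy.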

Without taking into account the other risks of its payload, Skidmap's mining function can cause hardware damage or performance problems, along with hidden, inflated network activity. Non-consensual miner Trojans avoid displaying pop-ups or other symptoms that might alert the victims. Linux users should depend on their preexisting anti-malware applications for detecting Skidmap or deleting Skidmap infections, and change their network passwords afterward.

Rootkits aren't as common as they used to be, so the use of this technique in an otherwise-ordinary Trojan is notable. That Skidmap uses this persistence method on Linux is just the cherry on top, reminding everyone that no OS is safe from financial depredation.
