This fearsome new Linux malware will send a shudder down the spines of IT professionals

It can steal data, use the webcam, or install a cryptominer

A newly discovered strain of Linux malware combines several capabilities in one package and abuses legitimate cloud hosting services to hide in plain sight.

Cybersecurity researchers from AT&T Alien Labs recently discovered the malware and named it Shikitega. It arrives as a very small dropper (376 bytes) wrapped in a polymorphic encoder (the Metasploit "Shikata Ga Nai" encoder, from which the malware takes its name) and unpacks itself in stages: each stage downloads and executes only the next module, so no single file on disk contains the whole payload, which keeps the footprint small and harder to detect.

The command-and-control (C2) server is hosted on a well-known cloud hosting service, so its traffic blends in with legitimate use and is harder to block by reputation alone.

Abusing PwnKit

The researchers aren't certain what the malware's authors were ultimately after.

Shikitega is quite potent: it runs on a wide range of Linux devices and lets the attackers control the webcam on the target endpoint and steal credentials. It can also deploy XMRig, an open-source Monero miner widely abused for cryptojacking. One can only speculate that XMRig was added to extract value from compromised devices that hold no sensitive data worth stealing.

The malware exploits two local privilege-escalation vulnerabilities, both patched months before the campaign, to gain root and establish persistence. One is PwnKit (CVE-2021-4034), a memory-corruption bug in polkit's setuid pkexec that sat in the code for some 12 years before it was disclosed and fixed in January 2022. The other is CVE-2021-3493, an OverlayFS flaw in Ubuntu's kernels, discovered and patched more than a year earlier, in April 2021.

Although fixes exist for both holes, the researchers say many IT administrators have yet to apply them, especially on Internet of Things (IoT) devices.
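The patch status the researchers worry about can be checked without exploiting anything. The script below is an added example, not code from the AT&T Alien Labs report or from this article. It reports whether pkexec still carries the setuid bit that PwnKit (CVE-2021-4034) needs, and whether unprivileged user namespaces, which the Ubuntu OverlayFS flaw (CVE-2021-3493) needs in order to mount overlayfs as an ordinary user, are enabled. Fixed package versions differ per distribution, so the script flags exposure rather than proving a host vulnerable; the sysctl paths are the Debian/Ubuntu and upstream ones, the script name in the final `case` is an assumption, and the path arguments exist only so the checks can be run against constructed files.

```shell
#!/bin/sh
# Added example: audit a Linux host for the two privilege-escalation
# prerequisites Shikitega relies on. Reports exposure only; it exploits nothing.

# PwnKit (CVE-2021-4034) needs a setuid-root pkexec. Returns 0 when the file
# at $1 (default /usr/bin/pkexec) exists and has the setuid bit set.
pkexec_is_setuid() {
    path="${1:-/usr/bin/pkexec}"
    [ -f "$path" ] && [ -u "$path" ]
}

# CVE-2021-3493 (OverlayFS on Ubuntu kernels) is reached from an unprivileged
# user namespace. Returns 0 if unprivileged user namespaces appear enabled,
# 1 if disabled, 2 if neither sysctl file is readable. $1 and $2 override the
# sysctl paths (Debian/Ubuntu and upstream respectively) for testing.
userns_unprivileged_enabled() {
    clone="${1:-/proc/sys/kernel/unprivileged_userns_clone}"
    max="${2:-/proc/sys/user/max_user_namespaces}"
    if [ -r "$clone" ]; then
        [ "$(cat "$clone")" = "1" ] && return 0
        return 1
    fi
    if [ -r "$max" ]; then
        [ "$(cat "$max")" -gt 0 ] && return 0
        return 1
    fi
    return 2
}

# Print one verdict per check; exit non-zero if anything is exposed.
audit_host() {
    rc=0
    if pkexec_is_setuid; then
        echo "EXPOSED: pkexec is setuid; confirm the CVE-2021-4034 fix is installed (chmod 0755 is the stopgap)"
        rc=1
    else
        echo "ok: pkexec absent or not setuid"
    fi
    r=0
    userns_unprivileged_enabled || r=$?
    case "$r" in
        0) echo "EXPOSED: unprivileged user namespaces enabled; confirm the CVE-2021-3493 kernel fix is installed"; rc=1 ;;
        1) echo "ok: unprivileged user namespaces disabled" ;;
        *) echo "unknown: no user-namespace sysctl found" ;;
    esac
    return $rc
}

# Run the audit only when executed under this (assumed) file name, so the
# functions can be sourced elsewhere without side effects.
case "${0##*/}" in
    pkexec_userns_audit.sh) audit_host ;;
esac
```

Run it as `sh pkexec_userns_audit.sh` on each host; a non-zero exit means at least one precondition is still present and the corresponding vendor fix should be verified with the package manager.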

The researchers don't yet know who the authors are. They advise Linux administrators to keep their software up to date, install antivirus and/or EDR on all endpoints, and keep backups of their server files.

Via: Ars Technica

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.