13.01.2021

New Linux Malware Mines Crypto While Remaining Undetectable

On Sept. 16, Augusto Remillano II and Jakub Urbanec revealed in a post on Trend Micro, a security intelligence blog, that they found new Linux malware. According to the analysts, this malware is particularly notable because of the way it loads malicious kernel modules to hide its cryptocurrency mining operations.

Two threat analysts recently stumbled upon new Linux malware that keeps its cryptocurrency mining operations hidden.

Malware provides hackers full access to infected machine

The analysts revealed that Skidmap masks its cryptocurrency mining by utilizing a rootkit, which is a program that installs and executes code on a system without end user consent or knowledge. This makes its malware components undetectable by the infected system’s monitoring tools.

Besides running a cryptojacking campaign on the infected machine, the malware reportedly gives attackers “unfettered access” to the affected system. The analysts add:

“Skidmap also sets up a way to gain backdoor access to the machine, and also replaces the system’s pam_unix.so file with its own malicious version. This malicious file accepts a specific password for any users, thus allowing the attackers to log in as any user in the machine.”

Cryptojacking campaigns up by 29%

Cryptojacking is an industry term for stealth crypto mining attacks which work by installing malware or otherwise gaining access to a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

In August, cybersecurity company McAfee Labs released a threat report, in which it noted an increase in cryptojacking campaigns and ransomware attacks in Q1 2019. According to the report, cryptojacking has been on the rise, with a 29% increase in cryptojacking campaigns.

Montana Crypto Mine Back in Action Despite Owner’s Uncertain Legal Fate

A cryptocurrency mine in Butte Montana fired up its servers today, resuming business without its former owner, an alleged fraudster.

After a legal appearance on the matter, part-owner Kevin Washington and operator Rick Tabish started up crypto mining business CryptoWatt once again, pulling the operation out of retirement, according to a Jan. 27 press release.

Authorities closed down CryptoWatt after jailing its owner, Matthew Goettsche, on a separate fraud account totaling $722 million, the Montana Standard reported in December 2019.

Shady ownership

Although Goettsche owned more than 50% of CryptoWatt, he was not taken into custody for dealings related to that business. Goettsche, along with four individuals, ran a “cryptocurrency investment club” named BitClub Network, through which the group allegedly swindled millions.

Rick Tabish ran CryptoWatt under Goettsche’s ownership of the site, unaware of the owner’s fraudulent endeavors with the unconnected BitClub Network. Goettsche also carried significant debt owed to Tabish.

Managerial concern

Regarding re-opening, Tabish told the Montana Standard:

“If the facility shuts down we all lose, […] I want to protect the integrity of the facility, and the interests of our employees, the vendors, everybody who works there.

Tabish also noted his willingness to bring the matter to court if need be, pointing out that the operation would die if left shut down for too long, Montana Standard reporting included.

CryptoWatt started up again on Jan. 26, a separate article from the Montana Standard read, securing a lower power cost in the process.

Cointelegraph also recently reported on a surge of Bitcoin mining licenses in Iran.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Leave a Reply

Your email address will not be published. Required fields are marked *