New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers
Vulnerable Redis services have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions.
"The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher Radoslaw Zdonczyk said in an analysis published last week.
SkidMap was first disclosed by Trend Micro in September 2019 as a cryptocurrency mining botnet with capabilities to load malicious kernel modules that can obfuscate its activities as well as monitor the miner process.
The operators of the malware have also been found camouflaging their backup command-and-control IP address on the Bitcoin blockchain, evocative of another botnet malware known as Glupteba.
The latest attack chain documented by Trustwave involves breaching poorly secured Redis server instances to deploy a dropper shell script that's designed to distribute an ELF binary that masquerades as a GIF image file.
"The level of advancement of this malware is really high, and detecting it, especially in larger server infrastructures, can be very hard," Zdonczyk said.
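A defender-side check for the masquerading step described above, added here as an example and not taken from Trustwave's analysis or the original article: it sweeps a directory tree for files that carry an image extension but begin with an ELF header. The extension list, the function names and the sample files are assumptions constructed for illustration; a payload stored without an image extension would need a different rule.

```python
import os
import struct
import tempfile

IMAGE_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".bmp"}  # assumed extension list
ELF_TYPES = {1: "relocatable", 2: "executable", 3: "shared object/PIE", 4: "core"}
ELF_MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}

def describe_elf(header):
    """Describe the first 20 bytes of a file if they form an ELF header, else None."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return None
    bits = {1: "32-bit", 2: "64-bit"}.get(header[4], "unknown-class")
    endian = "<" if header[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    e_type, e_machine = struct.unpack_from(endian + "HH", header, 16)
    machine = ELF_MACHINES.get(e_machine, "machine=%d" % e_machine)
    return "ELF %s %s %s" % (bits, machine, ELF_TYPES.get(e_type, "type=%d" % e_type))

def find_masquerading_elf(root):
    """Walk root; return sorted (path, description) for image-named ELF files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Only regular files with an image extension are of interest here.
            if os.path.splitext(name)[1].lower() not in IMAGE_EXTS or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    info = describe_elf(fh.read(20))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if info:
                hits.append((path, info))
    return sorted(hits)

def demo():
    """Sweep constructed sample files (not real malware) in a temp directory."""
    elf = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 2, 62)
    samples = {"logo.gif": b"GIF89a" + bytes(14), "payload.gif": elf, "tool": elf}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), d) for p, d in find_masquerading_elf(tmp)]

if __name__ == "__main__":
    print(demo())
```

On a live host, point `find_masquerading_elf` at writable locations such as temporary and web-served directories and treat any hit as a lead for triage, not as proof of SkidMap.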
News URL
https://thehackernews.com/2023/08/new-skidmap-redis-malware-variant.html