A brand new Linux malware (opens in a new tab) strain capable of several types of nasties has been discovered, capable of abusing legitimate cloud services in just a few seconds.
Researchers at AT&T Alien Labs have discovered (opens in a new tab) the malware and named it Shikitega. It comes with a super tiny dropper (376 bytes), using a polymorphic encoder that gradually drops the payload. This means that the malware will download and execute one module at a time, making sure it remains hidden and persistent.
The command & control (C2) server for the malware is now available on a popular hosting platform, making it stealthier, according to reports.
The researchers aren''t entirely certain about what the authors of malware were trying to achieve.
Shikitega is powerful as it can use all kinds of Linux devices (opens in new tab) and allows threat actors to control the webcam on the target endpoint (opens in new tab), as well as steal credentials. On the other hand, the XMRig is also capable of running a known cryptojacker that mines the Monero cryptocurrency for the hackers. One cannot only speculate that the device has been added to protect the public from harmful information.
Two vulnerabilities, both patched months ago, help keep the devices compromised and maintain stability. One is PwnKit (CVE-2021-4034), one of the most notorious vulnerabilities that went undetected for 12 years before being discovered and repaired earlier this year. The other one is CVE-2021-3493, which was discovered and patched more than a year ago (in April 2021).
While there is a fix for both these gaps, experts claim that many IT administrators are still waiting to apply them, especially when it comes to Internet of Things (IoT).
The researchers don''t know who the authors are, and they are suggesting that all Linux administrators keep their software up to date, install an antivirus (opens in a new tab) and/or EDR on all endpoints, and ensure they keep their server files safe.