
Friday, September 16, 2022

Updates: This fearsome new Linux malware will shoot a shiver down the backbones of IT professionals


It can steal data, use the webcam, or install a crypto miner 

A brand new Linux malware strain capable of several kinds of nasties has been detected, and it is able to abuse legitimate cloud services to stay hidden in plain sight.

Cybersecurity researchers from AT&T Alien Labs recently discovered the malware and named it Shikitega. It comes with a tiny dropper (376 bytes) that uses a polymorphic encoder to drop the payload gradually. That means the malware downloads and executes one module at a time, making sure it stays hidden and persistent.

The command & control (C2) server for the malware is hosted on a "known hosting service", which makes it stealthier, it was said.

Shikitega is quite potent, as it can run on all kinds of Linux devices, and it allows threat actors to control the webcam on the target endpoint as well as steal credentials. It is also capable of running XMRig, a well-known cryptojacker that mines the Monero cryptocurrency for the attackers. One can only presume that XMRig was added to make use of compromised devices that hold no sensitive data worth stealing.
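The cryptojacking angle is the part of this story an admin can actually hunt for today. The script below is an added example, not code from the article or from AT&T Alien Labs: it triages a process listing in the format printed by `ps -eo pid,user,args` and flags processes that carry generic XMRig-style traits (a known miner binary name, a `stratum+tcp://` or `stratum+ssl://` pool URL, or XMRig's `--donate-level` flag). The indicators are general miner characteristics I am assuming here, not indicators taken from the Shikitega report, and the process listing is constructed for the example; note that a renamed miner binary is still caught by its pool URL.

```python
"""Triage a `ps -eo pid,user,args` listing for likely XMRig-style miner processes.

Added example; not part of the original article. Indicator set is an
assumption based on generic XMRig behaviour, not on the Shikitega report.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Common miner executable names (assumed generic indicators).
MINER_NAMES = {"xmrig", "minerd", "xmr-stak"}
# XMRig connects to pools with stratum+tcp:// or stratum+ssl:// URLs.
STRATUM_RE = re.compile(r"stratum\+(?:tcp|ssl)://[\w.\-]+:\d+", re.IGNORECASE)
# --donate-level is specific enough to XMRig to be a useful flag on its own.
XMRIG_FLAG = "--donate-level"

# Constructed sample listing (not real data); PID 1337 is a renamed miner.
SAMPLE_PS = """\
  PID USER     COMMAND
    1 root     /sbin/init
  842 www-data /usr/sbin/nginx -g daemon off;
 1337 nobody   /tmp/.x/kthreadd -o stratum+tcp://pool.example.invalid:3333 -u 4AEXAMPLEWALLET --donate-level 1
 1402 alice    /usr/bin/python3 /home/alice/app.py --url http://localhost:8080
 1555 nobody   /var/tmp/xmrig --config=/var/tmp/config.json
"""


@dataclass
class Finding:
    pid: int
    user: str
    reason: str
    args: str


def parse_ps_line(line: str) -> Optional[Tuple[int, str, str]]:
    """Split one `ps -eo pid,user,args` row into (pid, user, args).

    Returns None for the header row or malformed input.
    """
    parts = line.strip().split(None, 2)
    if len(parts) < 3 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2]


def classify(args: str) -> Optional[str]:
    """Return the first matching indicator for a command line, or None."""
    argv = args.split()
    if not argv:
        return None
    # Basename of the executable, so /var/tmp/xmrig and ./xmrig both match.
    exe = argv[0].rsplit("/", 1)[-1].lower()
    if exe in MINER_NAMES:
        return f"known miner binary name: {exe}"
    if STRATUM_RE.search(args):
        return "stratum mining-pool URL in arguments"
    if XMRIG_FLAG in argv[1:]:
        return f"XMRig-specific flag {XMRIG_FLAG}"
    return None


def triage(listing: str) -> List[Finding]:
    """Return one Finding per suspicious process, in listing order."""
    findings: List[Finding] = []
    for line in listing.splitlines():
        row = parse_ps_line(line)
        if row is None:
            continue
        pid, user, args = row
        reason = classify(args)
        if reason is not None:
            findings.append(Finding(pid, user, reason, args))
    return findings


if __name__ == "__main__":
    # On a live host: pipe `ps -eo pid,user,args` into this script instead.
    for f in triage(SAMPLE_PS):
        print(f"pid={f.pid} user={f.user} reason={f.reason}\n    {f.args}")
```

A hit is a lead for an investigation, not proof by itself: confirm with the process's executable path, its network connections and its parent, since legitimate software rarely talks to a stratum pool but a research box might.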

The malware relies on two vulnerabilities, both patched months ago, to compromise the devices and achieve persistence. One is PwnKit (CVE-2021-4034), one of the more infamous vulnerabilities, which went undetected for some 12 years before finally being spotted and fixed earlier this year. The other is CVE-2021-3493, discovered and patched more than a year ago (in April 2021).

While there is a fix for both of these holes, the researchers say, many IT managers have yet to apply them, especially when it comes to Internet of Things (IoT) devices.

The researchers don't yet know who the authors are, and they advise all Linux admins to keep their software up to date, install antivirus and/or EDR on all endpoints, and make sure they back up their server files.
