FOSSlife · @FOSSlife
865 followers · 1026 posts · Server mastodon.fosslife.org

New Linux-focused malware identified by AT&T Cybersecurity researchers uses a sophisticated approach to target endpoints and IoT devices fosslife.org/new-linux-focused

#Shikitega #RemoteControl #security #devices #IoT #cryptominer #malware #Linux

Last updated 2 years ago

Who Let The Dogs Out · @ashed
68 followers · 6578 posts · Server mastodon.ml

New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices

Once deployed on a targeted host, the attack chain downloads and executes Metasploit's "Mettle" meterpreter to maximize control, exploits vulnerabilities to elevate its privileges, adds persistence on the host via crontab, and ultimately launches a cryptocurrency miner on infected devices.

The exact method by which the initial compromise is achieved remains unknown as yet, but what makes Shikitega evasive is its ability to download next-stage payloads from a command-and-control (C2) server and execute them directly in memory.

Privilege escalation is achieved by means of exploiting CVE-2021-4034 (aka PwnKit) and CVE-2021-3493, enabling the adversary to abuse the elevated permissions to fetch and execute the final stage shell scripts with root privileges to establish persistence and deploy the Monero crypto miner.

thehackernews.com/2022/09/new-

#Shikitega #iot #linux #malware

Last updated 2 years ago