Your TV and refrigerator may be used for mining cryptocurrencies by Linux malware
A new Linux malware mines cryptocurrency on IoT devices, using even the computing power of your TV and refrigerator, and it is only 376 bytes in size.
Whether it is a smart refrigerator, a color TV, or a washing machine, any device with a little computing power (Internet of Things and end-to-end) may be infected by this kind of malware and used for mining cryptocurrencies, among other things.
An example is Shikitega, a Linux malware newly discovered by AT&T Alien Labs.
Compared with some previous IoT malware, Shikitega is better hidden, with a total of only 376 bytes, of which the code accounts for 300 bytes.
So how exactly does this new malware infect devices?
“Stealth” Using Packing Technology
Specifically, the Shikitega core is a small ELF file (the executable file format on Linux systems).
This ELF file is wrapped in a dynamic shell so that it avoids being blocked by some security software.
Packing refers to using a special algorithm to compress the resources in an executable file in such a way that the compressed file can still be executed on its own; the decompression is completely hidden and takes place entirely in memory.
A dynamic shell is a more powerful form of packing.
Looking at the overall process, Shikitega performs multi-stage infection of mobile and IoT devices, takes control of the system and performs other malicious activities, including cryptocurrency mining (here Shikitega targets Monero):
Using Shikata Ga Nai (SGN), the most popular encoder in the exploit framework Metasploit, Shikitega performs multiple decoding loops, each loop decoding the next layer.
Ultimately, the payload in Shikitega (the core part of malware such as a worm or virus: the code that performs the malicious actions, for example deleting data or sending spam) is fully decoded and executed.
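A static triage check for the traits described above (a very small ELF whose code decodes itself in memory), as an added example that is not from the article or from AT&T Alien Labs. It assumes such a file appears as a tiny ELF64 image with no section headers and a load segment that is both writable and executable; the 4096-byte threshold, the finding names and both sample images are constructed for illustration.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 file header, little-endian
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header
PT_LOAD, PF_X, PF_W = 1, 0x1, 0x2
TINY_BYTES = 4096  # assumed triage threshold, not a value from the article


def triage_elf(data):
    """Return a list of static findings for an ELF64 little-endian image."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        return ["not-elf"]
    if data[4] != 2 or data[5] != 1:          # EI_CLASS=64-bit, EI_DATA=LSB
        return ["unsupported-elf-class"]
    _, _, _, _, entry, phoff, _, _, _, phentsize, phnum, _, shnum, _ = EHDR.unpack_from(data)
    findings = []
    if len(data) <= TINY_BYTES:
        findings.append("tiny-file")
    if shnum == 0:                            # no section header table at all
        findings.append("no-section-headers")
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + PHDR.size > len(data):
            findings.append("truncated-program-header")
            break
        p_type, p_flags, _, vaddr, _, _, memsz, _ = PHDR.unpack_from(data, off)
        if p_type != PT_LOAD:
            continue
        if p_flags & PF_W and p_flags & PF_X:  # self-decoding code needs W+X memory
            findings.append("writable-executable-segment")
            if vaddr <= entry < vaddr + memsz:
                findings.append("entry-in-wx-segment")
    return findings


def build_sample(size, flags, shnum):
    """Constructed test image: headers plus one PT_LOAD segment, zero-filled body."""
    base = 0x400000
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 2, 62, 1, base + 120, 64, 0, 0, 64, 56, 1, 64, shnum, 0)
    phdr = PHDR.pack(PT_LOAD, flags, 0, base, base, size, size, 0x1000)
    return (ehdr + phdr).ljust(size, b"\x00")


PACKED_LIKE = build_sample(376, 0x7, 0)     # constructed: 376 bytes, RWX, no sections
ORDINARY = build_sample(16384, 0x5, 28)     # constructed: R+X only, has section headers

if __name__ == "__main__":
    for image in (PACKED_LIKE, ORDINARY):
        print(triage_elf(image))
```

These findings are triage hints for deciding which files deserve a closer look, not a verdict: legitimate hand-built or JIT-style binaries can trip the same checks.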
The malware exploits two Linux vulnerabilities, CVE-2021-4034 and CVE-2021-3493. Although patches for both are now available, an IoT device running an old Linux system that has not been updated may still be infected.
In fact, malware like Shikitega that infects IoT devices is already common.
For example, in March of this year, AT&T Alien Labs also discovered BotenaGo, a malware written in Go that was used to create botnets running on various devices.
Many netizens complained about the security of IoT devices.
Some netizens also believe that IoT devices should be isolated from WiFi, otherwise it will give the virus an “opportunity”.
In addition to IoT devices, more people focus on the security of Linux systems.
Linux malware surges 650%
The variety and volume of Linux malware have risen over the years.
According to the AV-ATLAS team, the number of new Linux malware reached an all-time high in the first half of 2022, with nearly 1.7 million discovered.
Compared to the same period last year (226,324 malware), the number of new Linux malware surged by nearly 650%.
In addition to Shikitega, popular Linux malware has also become more diverse recently; known examples include BPFDoor, Symbiote, Syslogk, OrBit, and Lightning Framework.
Some netizens have doubts about this: because Linux is open source, won't it face a proliferation of viruses and malware anyway?
Other netizens responded that, on the one hand, although an old Linux system may be full of loopholes and become a “hotbed” of viruses, this is solved by upgrading and patching.
On the other hand, developing malware is itself not an easy task. Security researchers are constantly fixing and plugging bugs, so malware developers have to find a bug before researchers fix it, develop malware for it, and make that malware “pandemic” to achieve their goals.
If you still have equipment running old Linux systems in your home, you should upgrade it promptly or take security measures such as network isolation.
Reference:
Shikitega – New stealthy malware targeting Linux
New Linux malware combines unusual stealth with a full suite of capabilities
https://www.reddit.com/r/technews/c