September 25, 2023

COSFONE

Your TV and refrigerator may be used for mining cryptocurrencies by Linux malware

The new Linux malware mines cryptocurrency on IoT devices, using even the computing power of your TV and refrigerator, and it is only 376 bytes in size.

Whether it is a smart refrigerator, a color TV, or a washing machine, any device with a little computing power (Internet of Things and endpoint devices) may be infected by this malware and used for mining cryptocurrencies, among other things.

One example is Shikitega, a Linux malware newly discovered by AT&T Alien Labs.

Compared with some earlier IoT malware, Shikitega is stealthier: it totals only 376 bytes, of which the code accounts for 300 bytes.

So how exactly does this new malware infect devices?

“Stealth” Using Packing Technology

Specifically, the core of Shikitega is a small ELF file (the executable file format on Linux systems).

This ELF file is wrapped in a dynamic shell to avoid being blocked by some security software.

Packing refers to using a special algorithm to compress the resources in an executable file. The compressed file can still be executed on its own, and the decompression process is completely hidden because it takes place entirely in memory.

A dynamic shell is a more powerful form of packing.

Looking at the overall process, Shikitega infects mobile and IoT devices in multiple stages, takes control of the system, and performs other malicious activities, including cryptocurrency mining (here Shikitega targets Monero).
Using Shikata Ga Nai (SGN), the most popular encoder in the Metasploit exploit framework, Shikitega runs multiple decoding loops, with each loop decoding the next layer.

Ultimately, the payload in Shikitega (the core part of the malware, that is, the code that performs the malicious actions, such as a worm or virus that deletes data, sends spam, and so on) is fully decoded and executed.
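
A defender-side triage check for the traits described above, added here as an example and not taken from the original article or from AT&T Alien Labs: it parses an ELF header and flags a very small file, missing section headers, and a loadable segment that is both writable and executable (code that decodes itself in memory has to write to the memory it runs from). The function names, the 1024-byte threshold and the two sample images are assumptions constructed for this example; the sample bodies are zero bytes, not malware.

```python
import struct

PT_LOAD, PF_X, PF_W = 1, 0x1, 0x2
TINY_BYTES = 1024  # assumed triage threshold; the article cites a 376-byte file


def triage_elf(data: bytes) -> list:
    """Return heuristic findings for one ELF image (empty list = nothing flagged)."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not a parseable ELF header")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian, 2 = big-endian
    ehdr = struct.Struct(end + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH"))
    if len(data) < 16 + ehdr.size:
        raise ValueError("truncated ELF header")
    (_, _, _, _, phoff, _, _, _, phentsize, phnum, _, shnum, _) = ehdr.unpack_from(data, 16)
    findings = []
    if len(data) < TINY_BYTES:
        findings.append(f"tiny file ({len(data)} bytes)")
    if shnum == 0:
        findings.append("no section headers")
    phdr = struct.Struct(end + ("IIQQQQQQ" if is64 else "IIIIIIII"))
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + phdr.size > len(data):
            findings.append("program header table runs past end of file")
            break
        fields = phdr.unpack_from(data, off)
        flags = fields[1] if is64 else fields[6]   # p_flags position differs by class
        if fields[0] == PT_LOAD and flags & PF_W and flags & PF_X:
            findings.append("PT_LOAD segment is writable and executable")
    return findings


def build_sample(flags: int, shnum: int, body_len: int) -> bytes:
    """Constructed 64-bit little-endian ELF image with a placeholder (zero) body."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x400078, 64, 0, 0, 64, 56, 1, 64, shnum, 0)
    size = 120 + body_len                    # 64-byte header + 56-byte program header + body
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, flags, 0, 0x400000, 0x400000, size, size, 0x1000)
    return ident + ehdr + phdr + bytes(body_len)


SUSPECT = build_sample(flags=7, shnum=0, body_len=256)     # 376 bytes, RWX, no sections
ORDINARY = build_sample(flags=5, shnum=12, body_len=4096)  # larger, R+X only, has sections
```

These are triage signals for deciding which files deserve a closer look, not a verdict: legitimate tiny or stripped binaries exist, and a match says nothing about which malware family a file belongs to.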

 

The malware exploits two Linux vulnerabilities, CVE-2021-4034 and CVE-2021-3493. Although patches for both are available, IoT devices running an old Linux system that has not been updated may still be infected.

In fact, malware like Shikitega that infects IoT devices is already common.

For example, in March of this year, AT&T Alien Labs also discovered BotenaGo, a malware written in Go that was used to create botnets running on various devices.

Many netizens complained about the security of IoT devices.

Some netizens also believe that IoT devices should be isolated from WiFi, otherwise the virus is given an “opportunity”.

Beyond IoT devices, more people are focused on the security of Linux systems.

Linux malware surges 650%


The variety and volume of Linux malware have risen over the years.

According to the AV-ATLAS team, the amount of new Linux malware reached an all-time high in the first half of 2022, with nearly 1.7 million discovered.

Compared with the same period last year (226,324 pieces of malware), the amount of new Linux malware surged by nearly 650%.

In addition to Shikitega, the Linux malware that has become popular recently is also more diverse; known examples include BPFDoor, Symbiote, Syslogk, OrBit, and Lightning Framework.

Some netizens wonder about this: because Linux is open source, does that mean it will face a proliferation of viruses and malware anyway?

Other netizens responded that, on the one hand, although an old Linux system may be full of vulnerabilities and become a “hotbed” for viruses, this is solved by upgrading and patching.

On the other hand, developing malware is not easy. After all, security researchers are constantly fixing bugs, so malware developers have to find bugs before researchers fix them, develop the malware, and make it spread like a “pandemic” to achieve their goals.

If you still have devices running old Linux systems at home, make sure to upgrade them in time or take security measures such as network isolation.

Reference:

Shikitega – New stealthy malware targeting Linux
New Linux malware combines unusual stealth with a full suite of capabilities
https://www.reddit.com/r/technews/c



