Shikitega: A Newly born Malware Program Targeting Linux

Hacker hands using laptop computer to code
Reading Time: 2 minutes

Recently a new malware program was discovered by AT&T labs called “Shikitega”. Shikitega program targeting endpoints and IoT devices. Usually, Linux malware targets servers and cloud instances.

What is Shiktega?

Generally, Linux malware targets cloud instances and servers. We all know that, where there’s big-time CPU horsepower converted to cryptocurrency mining. Shikitega, opt for the low-hanging fruit of desktops and IoT devices. Of course, it’ll happily attack servers. Like all malware, it’s an opportunist attacker.

Shikitega: A Newly born Malware Program Targeting Linux
Image Source: AT&T Cyber security

What is a multistage infection chain ?

Shikitega is like multistage infection chain. The infection starts with a 370 bytes Executable and Linkable Format (ELF) file. just in case you’ve forgotten, otherwise you never knew, never ever download an unknown ELF file. It’s just soliciting for trouble.

Then, once in situ, another module is downloaded, executed, so downloads and executes the subsequent one, and so on. Besides bringing within the next, each module has its own specific task. These include downloading and executing the Metasploit meterpreter, hunting down and exploiting Linux vulnerabilities, and setting persistence within the infected machine.

Its last work is execution of shell programs that work on four crontabs: Two for the present logged-in user and also the other two for root. If we don’t have crontab installed, it’ll try to install and begin the crontab service.

Finally, Shikitega will download and execute a crypto miner and take a look at to grab control of your machine as root. After this it’ll use exploits supported CVE-2021-4034, aka PwnKit, and CVE-2021-3493. If we keep the Linux system up so far, which may be a conflicting thing if your IoT vendor hasn’t been doing its job, these attacks will fail.We are also unaware that there’s such a moment file hiding inside a bigger package. So, same as in Windows, we must always know what’s in every package and where it came from before installing it.

How can we be safe from Shikitega ?

Inorder to avoid  we should follow simple and basic items like installing security patches, keeping backups, and never installing unknown programs. you’ll also use anti-malware programs to your endpoints if you wish to use a belt and suspenders approach to your security.

As always, we must always be safe from Linux malware if we just practice good server security. The sole real danger we are able to see here is with IoT devices. Only too often, IoT vendors do a lousy job of keeping their embedded operating systems up to this point with security patches. If that’s the case with our devices, we propose finding replacement gear from a vendor that takes security seriously. Instances of Linux malware are, unfortunately, increasing rapidly. For more details for precautions you can to the blog on How to pick the Best Anti virus Software with regards to Android and iOS

For more details: click here

Written by 

Abhishek Dwivedi is a Google-certified professional cloud architect working in Knoldus Inc as a Senior Software Consultant. Abhishek loves to juggle devops tools and learn everyday new things in new techonologies. He believes in by sharing knowledge we can gain more knowledge.