Skidmap

Malware Profile Updated 3 months ago
Skidmap is a malware family first detected in 2019 that primarily targets Linux systems for cryptomining. It enters systems through suspicious downloads, emails, or websites, often without the user noticing. Once inside, Skidmap can steal personal information, disrupt operations, or even hold data hostage for ransom. It is particularly notorious for hiding its cryptocurrency mining activity behind kernel-mode rootkits, which makes it difficult to detect and remove.

By August 2023, threat actors had begun using a more sophisticated Skidmap variant that targets poorly secured Redis servers. This variant can compromise several Linux distributions, including Alibaba, RedHat, Stream, Anolis, and openEuler. It shows notable sophistication: it sets up cron tasks whose payload is held in a base64-encoded variable, adapts to the operating system it runs on, and chooses which binary to download based on the architecture of the Linux distribution on the infected system.

Historically, Skidmap has been used to covertly mine cryptocurrency and to create false network traffic and CPU usage by loading malicious kernel modules. It can also set up a secret master password that grants access to any user account on the system. These activities resemble other cryptojacking operations such as Rocke, TeamTNT, and WatchDog. Despite its evolution over time, Skidmap's core objective has remained the same: exploiting vulnerabilities to mine cryptocurrency undetected.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
No overlapping profiles to display
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Linux
Redis
Debian
Exploit
Centos
Trustwave
Exploits
Gbhackers
Backdoor
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Skidmap malware was read from the document corpus below. This display is limited to 20 results.

Source | Created | Title
CERT-EU | 5 months ago | Novel Migo malware impacts Redis servers
Unit42 | 9 months ago | When PAM Goes Rogue: Malware Uses Authentication Modules for Mischief
CERT-EU | a year ago | Poorly secured Redis servers impacted by new SkidMap malware variant
CERT-EU | a year ago | New SkidMap Malware Attacking Wide Range of Linux Distributions | IT Security News
CERT-EU | a year ago | New SkidMap Malware Attacking Wide Range of Linux Distributions
Securityaffairs | a year ago | A sophisticated SkidMap variant targets unsecured Redis servers
MITRE | a year ago | Skidmap Malware Uses Rootkit to Hide Mining Payload
CERT-EU | a year ago | Winnti APT Hackers Attack Linux Servers With New Malware 'Mélofée'