"New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices"

Shikitega, a new piece of stealthy Linux malware, has been discovered employing a multi-stage infection chain to compromise endpoints and Internet of Things (IoT) devices and drop additional payloads. In addition to the cryptocurrency miner that will be executed and set to persist, an attacker can gain full control of the system, according to AT&T Alien Labs in a new report. The discoveries add to the growing list of Linux malware found in the wild in recent months, which includes BPFDoor, Symbiote, Syslogk, OrBit, and Lightning Framework. Once deployed on a targeted host, the attack chain downloads and executes the Metasploit's "Mettle" meterpreter to gain maximum control, exploits vulnerabilities to gain elevated privileges, adds persistence to the host via crontab, and launches a cryptocurrency miner on infected devices. The method by which the initial compromise is achieved is unknown, but Shikitega's ability to download next-stage payloads from a command-and-control (C2) server and execute them directly in memory makes it evasive. By exploiting CVE-2021-4034, also known as PwnKit, and CVE-2021-3493, the adversary can abuse the elevated permissions to fetch and execute the final stage shell scripts with root privileges to establish persistence and deploy the Monero cryptocurrency miner. This article continues to discuss the new stealthy Linux malware called Shikitega. 

THN reports "New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices"