Beware: Shikitega Malware Targets Linux Systems

Shikitega is the name of a newly discovered piece of malware targeting devices that run Linux, specifically IoT devices and endpoints. The malware comes with a complex, multi-step infection chain and includes a cryptominer component.

Shikitega was discovered by a team of researchers with AT&T Alien Labs. The infection chain is rather complicated and involves multiple steps with different modules of the malware downloading one another in a daisy-chain pattern.

The malware is supplied with an encoder that provides polymorphism, as an extra layer of defense against anti-malware solutions. The malware uses the Mettle meterpreter that is used to secure a higher level of control over the compromised device.

Shikitega obtains elevated privileges by abusing a couple of known vulnerabilities, codified as CVE-2021-4043 and CVE-2021-3493. This allows the malware to grab its final payload, establish persistence on the compromised device and launch a Monero cryptomining malicious tool.

Researchers are noting a massive surge in malware threats targeting Linux over the first half of 2022, with a 75% increase on a year-over-year basis.

September 8, 2022