A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices.
Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. The malware stands out for its multistage infection chain; threat actors use it to gain full control of the system and carry out other malicious activities, including cryptocurrency mining.
Shikitega is able to download next-stage payloads from a C2 server and execute them directly in memory, which makes it highly evasive.
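In-memory execution is evasive because the running code never lands on disk for a file scanner to see, but it leaves a different trace: a process whose executable is not backed by a regular on-disk file, or whose executable memory has no file behind it. The following script is an added illustration written for this article, not AT&T Alien Labs' code and not a Shikitega signature; it checks those two generic conditions from /proc on Linux. The sample maps text and exe link target are constructed, and the 4 KiB threshold is an arbitrary assumption.

```python
"""Flag Linux processes whose executable code is not backed by an on-disk file.

Added illustration for the article above; not the researchers' code and not a
Shikitega indicator. It detects the generic condition "runs from memory only".
"""
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
_MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+(\d+)\s*(.*)$"
)


@dataclass
class Finding:
    pid: int
    reasons: List[str] = field(default_factory=list)


def classify_exe_target(target: str) -> Optional[str]:
    """Reason string if the /proc/<pid>/exe link target looks memory-only."""
    if target.startswith("/memfd:"):
        return "exe backed by memfd"        # anonymous in-memory file
    if target.endswith(" (deleted)"):
        return "exe unlinked from disk"     # binary removed after exec
    return None


def anon_exec_mappings(maps_text: str) -> List[Tuple[int, int]]:
    """Executable mappings with no backing file (inode 0 and no path).

    Pseudo-files such as [vdso] or [stack] carry a bracketed path and are skipped.
    """
    hits = []
    for line in maps_text.splitlines():
        m = _MAPS_RE.match(line)
        if not m:
            continue
        start, end, perms, inode, path = m.groups()
        if "x" in perms and inode == "0" and not path:
            hits.append((int(start, 16), int(end, 16)))
    return hits


def assess(pid: int, exe_target: str, maps_text: str,
           min_anon_exec_bytes: int = 4096) -> Finding:
    """Combine both checks for one process; threshold is an assumed value."""
    finding = Finding(pid)
    reason = classify_exe_target(exe_target)
    if reason:
        finding.reasons.append(reason)
    anon = anon_exec_mappings(maps_text)
    total = sum(end - start for start, end in anon)
    if total >= min_anon_exec_bytes:
        finding.reasons.append(
            f"{len(anon)} anonymous executable mapping(s), {total} bytes")
    return finding


def scan_live_proc() -> List[Finding]:
    """Walk the real /proc and return only processes with at least one reason."""
    findings = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/maps") as fh:
                maps = fh.read()
        except OSError:
            continue  # kernel thread, process already gone, or no permission
        finding = assess(pid, exe, maps)
        if finding.reasons:
            findings.append(finding)
    return findings


# Constructed sample input (not captured from a real infection)
SAMPLE_EXE = "/memfd:payload (deleted)"
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 08:01 12345 /usr/bin/sh
7f0000000000-7f0000010000 rwxp 00000000 00:00 0
7f0000010000-7f0000011000 r--p 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    print(assess(1234, SAMPLE_EXE, SAMPLE_MAPS))   # two reasons on the sample
    for f in scan_live_proc():
        print(f)
```

Run as root to see every process; unprivileged runs silently skip processes whose maps are unreadable. JIT runtimes (Java, browsers, some interpreters) legitimately hold anonymous executable mappings, so the second check is a triage hint to combine with the exe-link check, parent process and network activity rather than a verdict on its own.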
The experts reported that the malware downloads and executes Metasploit’s “Mettle” meterpreter to take over infected machines.
Shikitega exploits vulnerabilities to elevate privileges and maintain persistence, and the researchers observed that it uses a polymorphic encoder to evade detection by anti-virus engines.
The main dropper of the malware is a small ELF file (370 bytes in size), of which the actual code accounts for around 300 bytes.