AT&T Alien Labs has discovered and revealed a new malware targeting Linux OS, endpoints and IoT devices running Linux.

The malware downloads and executes the Metasploit’s “Mettle” meterpreter to maximize its control on infected machines.

Shikitega exploits system vulnerabilities to gain high privileges, persist and execute crypto miner.

The malware uses a polymorphic encoder to make it more difficult to detect by anti-virus engines.

Shikitega abuse legitimate cloud services to store some of its command and control servers (C&C).

AT&T Alien Labs gives the usual advice of keeping software up-to-date with security updates, to install anti-virus software or EDR in all endpoints, and use a backup system on all servers.
[cybersecurity.att.com...]