A new cryptocurrency mining malware targeting Linux systems has demonstrated how complex this type of malware has become. Known as Skidmap, the malware is not only harder to detect, it also gives the attackers unrestricted access to the affected system. The malware was discovered by security researchers from Trend Micro. In a blog post, the researchers revealed that the malware can set up a secret master password that gives the attackers access to any user account on the system.

The malware installs itself through crontab, a list of tasks scheduled to run at regular intervals, the researchers explained. Upon execution, the malware weakens the affected machine's security settings. It does this by disabling the Security-Enhanced Linux (SELinux) module, a security module that supports the system's access control policies. Skidmap also gives the attackers backdoor access to the affected machine by adding the attacker's public keys to the list of keys needed for authentication. Furthermore, it replaces the system's authentication module, known as pam_unix, with its own malicious version. This version accepts a specific password set by the attackers for any user on the system, allowing them to log in to any user account at will.

To avoid detection, Skidmap loads several other malicious components onto the affected machines. One of these is a netlink rootkit that fakes the network statistics, specifically traffic involving certain ports and IP addresses. It also fakes CPU-related statistics, making the affected machines appear to be running normally. With high CPU usage being one of the better-known red flags of cryptojacking malware, this is a key strategy for the attackers.

The researchers revealed to The Next Web that Skidmap mines Monero, one of the leading dark coins. "The cryptocurrency miner pertaining to this article is a variant of XMRig which mines Monero cryptocurrency," they stated.

The researchers advised, "Given Linux's use in many enterprise environments, its users, particularly administrators, should always adopt best practices: keep the systems and servers updated and patched (or use virtual patching for legacy systems); beware of unverified, third-party repositories; and enforce the principle of least privilege to prevent suspicious and malicious executables or processes from running."

Cryptojacking malware attacks surged by 29% in the first quarter of the year, a report by McAfee Labs revealed last month. The attackers have continued to find new ways to stay ahead, with a recent report revealing that Glupteba malware is using the Core Coin (BTC) blockchain to increase its resilience.
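
Three of the changes described above (SELinux disabled, attacker keys added for authentication, pam_unix replaced) leave traces on disk that a defender can check. The following is an added example, not code from Trend Micro or from the article: the function names, the key allowlist and the baseline of known-good pam_unix.so hashes are assumptions supplied by the defender, and the checks take a filesystem root so they can be run against an offline mount of a suspect disk, since the article notes the rootkit falsifies what the running system reports.

```python
import hashlib
import re
from pathlib import Path

# Common pam_unix.so directories, relative to the filesystem root (varies by distro).
PAM_DIRS = ("lib/security", "lib64/security", "usr/lib/security", "usr/lib64/security",
            "lib/x86_64-linux-gnu/security", "usr/lib/x86_64-linux-gnu/security")
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")  # key-type field of an authorized_keys line

def selinux_findings(root):
    """Flag an SELinux config that is present but not set to enforcing."""
    cfg = Path(root, "etc/selinux/config")
    if not cfg.is_file():
        return []
    m = re.search(r"^\s*SELINUX\s*=\s*(\w+)", cfg.read_text(errors="replace"), re.M)
    mode = m.group(1).lower() if m else "unset"
    return [] if mode == "enforcing" else [f"selinux: {cfg} mode={mode}"]

def key_findings(root, keys_ok):
    """Flag authorized_keys entries whose base64 key blob is not in the allowlist."""
    out = []
    files = [Path(root, "root/.ssh/authorized_keys")]
    files += Path(root, "home").glob("*/.ssh/authorized_keys")
    for f in files:
        if not f.is_file():
            continue
        for n, line in enumerate(f.read_text(errors="replace").splitlines(), 1):
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            # Options may precede the key type, so locate the type field first.
            i = next((k for k, p in enumerate(parts[:-1]) if KEY_TYPE.match(p)), None)
            if i is not None and parts[i + 1] not in keys_ok:
                out.append(f"ssh-key: {f}:{n} {parts[i]} not in allowlist")
    return out

def pam_findings(root, pam_ok):
    """Flag any pam_unix.so whose SHA-256 is not in the defender's baseline."""
    out = []
    for d in PAM_DIRS:
        f = Path(root, d, "pam_unix.so")
        if f.is_file():
            digest = hashlib.sha256(f.read_bytes()).hexdigest()
            if digest not in pam_ok:
                out.append(f"pam_unix: {f} sha256={digest} not in baseline")
    return out

def triage(root, keys_ok, pam_ok):
    return selinux_findings(root) + key_findings(root, keys_ok) + pam_findings(root, pam_ok)
```

The baseline hashes should come from the distribution's own package for the installed pam version, obtained on a trusted machine rather than from the suspect host.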