Shikitega is a new malware targeting Linux-powered endpoints and IoT devices. The malware utilizes a multi-stage infection chain to compromise devices and deploy additional payloads. Two known vulnerabilities are targeted to elevate privilege on target devices (CVE-2021-4034, CVE-2021-3493). In addition to a persistent bitcoin miner, an attacker can take complete control of the device. Technically, the malware attempts to evade detection by reducing the code of the primary dropper to below 1KB. The threat is also known to abuse previously compromised cloud infrastructure and C2. Notably, this threat uses Metasploit’s “Mettle,” a low-impact / low-footprint Meterpreter implementation. SentinelOne Singularity™ detects and prevents malicious behaviors associated with Shikitega and its artifacts.
