Security experts find a virus that mines cryptocurrency by hacking smart home devices
Researchers at AT&T Alien Labs have discovered a new malware called Shikitega that can infect both servers and Internet of Things (IoT) devices running on Linux. The malware uses a multi-stage infection scheme in which each step delivers a payload of several hundred bytes, and it relies on the Shikata Ga Nai cryptor.
The cryptor makes the code polymorphic, which protects it from signature-based analysis. Shikitega changes its code every time it goes through one of several decryption cycles.
The goal of Shikitega is to install a cryptominer, but the malicious code can also be used to deliver a payload. The program drops the XMRig software for mining Monero cryptocurrency on victims' devices. The Mettle package allows an attacker to control a webcam and steal credentials, and it works on a large number of devices.
AT&T did not disclose how the initial infection occurs, but noted that Shikitega exploits two Linux vulnerabilities discovered in 2021.