Latest news

27/11/2019: Steelcyber Scientific confirms that it has intercepted and managed a large contamination by the Skidmap malware at a large European university HPC facility. 'Skidmap', which is primarily used as a platform for stealing computational power for crypto-mining operations, has previously been detected in the wild targeting Linux-based systems. It normally infects perfectly patched systems by means of legitimate users executing infected code. The malware then proceeds to replace basic operating system commands such as 'rm', 'iproute' and others, in an attempt to further hide its activities and create back doors.

Steelcyber Scientific's Chief Technical Officer George Magklaras said: "In an HPC environment, if you discover that your compute nodes are doing something that the system should not do, it's quite easy to just re-install them en masse. However, in such large environments, the difficult thing is to mitigate what happened and whether the fault in question has created backdoors so that it can re-occur. It is one thing to pay a huge electricity bill and have someone stealing your compute cycles. It is another to understand how this happened and ensure that it won't occur again, repeatedly stopping your precious production time. This is where we stepped in to help."

'Skidmap' was intercepted on the login nodes of the HPC facility by Steelcyber's LUARM logging engine. Within a few hours, the fault was found and mitigated, which underlines the importance of proper logging and monitoring mechanisms for production systems. It also highlights the ever-increasing threat profile of Linux-based systems.