Researchers at AT&T Alien Labs have identified a new stealthy malware called Shikitega, which can infect both servers and Linux-based Internet of Things devices.

It uses a multi-step infection scheme, delivering a payload of several hundred bytes per step, as well as the Shikata Ga Nai cryptor.

The goal of Shikitega is to install a cryptominer, but the malicious code can also be used to deliver payloads. The program drops XMRig software to mine Monero cryptocurrency. The Mettle package allows webcam control, stealing credentials, and works on a large number of devices.