Redis honeypot: server with vulnerable Redis database reveals new SkidMap modification used to hide cryptocurrency mining process
ID: 9429554a-cce6-56ce-abdf-04cd97ff4c9f
STIX ID: report--9429554a-cce6-56ce-abdf-04cd97ff4c9f
Feed Name: Dr.Web News
**Doctor Web** reports a new SkidMap Linux rootkit delivered via a MulDrop dropper. The dropper installs a kernel-mode rootkit (Linux.Rootkit.400), the Linux.BtcMine.815 miner (XMRig), SSH/credential-theft backdoors (Linux.BackDoor.Pam.8, Linux.BackDoor.SSH.425) and a remote access trojan (Linux.BackDoor.RCTL.2). The rootkit spoofs CPU, network and file listings to hide the mining activity. The attackers target exposed Redis and other enterprise servers for large-scale cryptomining and persistence. The report includes IOCs and campaign activity observed over a year-long honeypot deployment.
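The summary says the rootkit hides the miner from process and file listings. One generic check a defender can run on a suspect Linux host, added here as an example and not taken from the Doctor Web report or the malware's own behaviour: enumerate `/proc` once (what `ps` sees), then probe every PID up to `pid_max` individually with `kill(pid, 0)` and `/proc/<pid>/status`, and flag PIDs that answer but were not listed. It assumes the rootkit filters directory enumeration but not per-PID syscalls; a rootkit that also hooks `kill()` and `stat()` defeats it, so an empty result is not a clean bill of health. Thread IDs are skipped via the `Tgid` field so they do not produce false positives, and the comparison is split out into `hidden_pids()` so it can be exercised with constructed inputs.

```python
"""Hidden-process check: compare PIDs that /proc *lists* with PIDs that
*answer* when probed one by one. Added example (generic technique, not
code from the Doctor Web report); assumes a Linux host."""
import os
from typing import Callable, Iterable, Set


def listed_pids(proc_root: str = "/proc") -> Set[int]:
    """PIDs visible by enumerating /proc, i.e. what ps/top rely on."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def pid_answers(pid: int) -> bool:
    """Probe one PID without enumerating the directory.
    kill(pid, 0) sends no signal; EPERM still proves the PID exists."""
    try:
        os.kill(pid, 0)
        return True
    except PermissionError:
        return True
    except ProcessLookupError:
        return False


def thread_group_of(pid: int, proc_root: str = "/proc"):
    """Tgid from /proc/<pid>/status, or None if the entry is unreadable
    (which is itself suspicious when the PID answered kill())."""
    try:
        with open(f"{proc_root}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def hidden_pids(visible: Iterable[int], alive: Callable[[int], bool],
                pid_max: int) -> Set[int]:
    """Core comparison, independent of the OS so it is testable with
    constructed data: PIDs that answer the probe but are absent from the
    listing are candidate hidden processes."""
    seen = set(visible)
    return {pid for pid in range(1, pid_max + 1)
            if pid not in seen and alive(pid)}


def read_pid_max(path: str = "/proc/sys/kernel/pid_max") -> int:
    try:
        with open(path) as f:
            return int(f.read().strip())
    except OSError:
        return 32768  # historical Linux default, assumed as a fallback


def scan(proc_root: str = "/proc") -> Set[int]:
    """Single pass over the real host. Threads of visible processes answer
    kill() but carry the leader's Tgid, so they are dropped here."""
    visible = listed_pids(proc_root)
    candidates = hidden_pids(visible, pid_answers, read_pid_max())
    result = set()
    for pid in candidates:
        tgid = thread_group_of(pid, proc_root)
        if tgid is not None and tgid != pid and tgid in visible:
            continue  # just a thread of a process we can already see
        result.add(pid)
    return result


def stable_scan(passes: int = 3) -> Set[int]:
    """Processes that start or exit between listing and probing produce
    one-off false positives; intersect several passes to remove them."""
    result = scan()
    for _ in range(passes - 1):
        result &= scan()
    return result


if __name__ == "__main__":
    found = stable_scan()
    if not found:
        print("no PIDs hidden from /proc enumeration (inconclusive if "
              "kill()/stat() are also hooked)")
    for pid in sorted(found):
        print(f"hidden pid {pid}: tgid={thread_group_of(pid)}")
```

Run it as root so `kill(pid, 0)` is not answered with EPERM for every PID you do not own (the code treats EPERM as "exists", which is correct but makes the scan slower to interpret). Pair a positive hit with a CPU-time cross-check (`/proc/stat` totals versus the sum over listed processes), since the report notes the rootkit also spoofs CPU figures.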
