Advanced stealth of new sedexp malware for Linux detailed

Newly discovered Linux malware dubbed "sedexp" abuses udev rules, the mechanism that replaced the old Device File System (devfs) for identifying devices by their properties and reacting to device state changes, to persist on infected hosts and hide credit card skimmer code, and has been doing so since 2022, according to The Hacker News.

sedexp can deploy a remote shell that gives attackers access to infected devices and can modify memory, and threat actors used it to hide modified Apache configuration files, web shells, and the udev rule itself, according to a report from Aon's Stroz Friedberg incident response services team. SUSE Linux documentation notes that a udev rule can name a device node, add symbolic links pointing to that node, and run a specified program when a matching device event occurs, which is what makes the mechanism attractive for persistence. "The malware was used to hide credit card scraping code on a web server, indicating a focus on financial gain. The discovery of sedexp demonstrates the evolving sophistication of financially motivated threat actors beyond ransomware," said researchers.
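Because a udev RUN directive executes a program whenever a matching device event fires, the practical check after reading this is to enumerate every RUN directive in the rule directories and look at what it points to. The script below is an added example, not code from the article, from Stroz Friedberg's report, or from the malware; it parses udev rule syntax (comma-separated key/operator/value tokens, quoted values, backslash line continuation, comments) and reports each RUN directive, marking as suspicious any program that is not an absolute path under a small set of trusted directories. The trusted directory list and the sample rules file are assumptions constructed for the demo, not the real sedexp rule.

```python
"""Triage udev rules for RUN directives that could serve as persistence.

Added example, not from the SC Media article or Stroz Friedberg's report.
udev evaluates *.rules files in /etc/udev/rules.d, /run/udev/rules.d and
/usr/lib/udev/rules.d; a RUN+= assignment runs a program when a device event
matches the rule. A relative program name is resolved against /usr/lib/udev,
which is also where a dropped binary could live, so relative names are flagged.
"""
import os
import re
from dataclasses import dataclass

# key, optional {attr}, operator, double-quoted value (backslash escapes allowed)
TOKEN_RE = re.compile(
    r'([A-Za-z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"((?:[^"\\]|\\.)*)"'
)
# Assumed allowlist of directories a RUN program may legitimately come from.
TRUSTED_DIRS = ("/usr/lib/udev", "/lib/udev", "/usr/bin", "/bin", "/usr/sbin", "/sbin")
RULE_DIRS = ("/etc/udev/rules.d", "/run/udev/rules.d", "/usr/lib/udev/rules.d")


@dataclass
class Finding:
    source: str      # file the rule came from
    lineno: int      # first line of the (possibly continued) rule
    program: str     # program named by the RUN directive
    matches: str     # the rule's match keys, for triage context
    suspicious: bool


def parse_rules(text):
    """Yield (lineno, [(key, op, value), ...]) for each logical rule line."""
    pending, start = "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not pending:
            start = lineno
        if line.endswith("\\"):            # continuation onto the next line
            pending += line[:-1] + " "
            continue
        line, pending = pending + line, ""
        if not line or line.startswith("#"):
            continue
        tokens = TOKEN_RE.findall(line)
        if tokens:
            yield start, tokens


def is_trusted(program):
    """True only for an absolute path that normalises into a trusted directory."""
    if not program.startswith("/"):
        return False                        # relative names resolve to /usr/lib/udev
    norm = os.path.normpath(program)        # defeats /usr/bin/../../tmp/x tricks
    return any(norm.startswith(d + "/") for d in TRUSTED_DIRS)


def scan_rules(text, source="<memory>"):
    """Return a Finding for every RUN directive in the given rules text."""
    findings = []
    for lineno, tokens in parse_rules(text):
        matches = ", ".join(f"{k}{op}{v}" for k, op, v in tokens if op in ("==", "!="))
        for key, op, value in tokens:
            if key.split("{")[0] != "RUN" or op not in ("=", "+=", ":="):
                continue
            parts = value.split()
            program = parts[0] if parts else ""
            findings.append(Finding(source, lineno, program, matches, not is_trusted(program)))
    return findings


def scan_system(dirs=RULE_DIRS):
    """Scan the live rule directories (skips ones that do not exist)."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if name.endswith(".rules"):
                path = os.path.join(d, name)
                with open(path, errors="replace") as fh:
                    findings.extend(scan_rules(fh.read(), path))
    return findings


# Constructed sample rules file for the demo; not a real rules file.
SAMPLE_RULES = """\
# constructed sample, not a real rules file
ACTION=="add", KERNEL=="sd[a-z]", RUN+="/usr/bin/hdparm -B 127 /dev/%k"
ACTION=="add", SUBSYSTEM=="tty", \\
    RUN+="/tmp/.cache/helper start"
ACTION=="add", ENV{MAJOR}=="1", RUN{program}+="helper run"
SUBSYSTEM=="net", ENV{ID_NET_NAME}="eth%n"
"""

if __name__ == "__main__":
    for f in scan_rules(SAMPLE_RULES, "sample.rules") + scan_system():
        tag = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"{tag:10} {f.source}:{f.lineno} RUN -> {f.program}  [{f.matches}]")
```

On the constructed sample the hdparm rule is reported as ok, while the rule running a program out of /tmp and the rule using a bare relative name are both marked suspicious; on a real host, every suspicious hit should be checked against the package that owns the rule file and the binary it names.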
