
Stealthy Sedexp Malware: Linux’s Undetected Nightmare Since 2022

A stealthy Linux malware called sedexp has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. Discovered by Stroz Friedberg, this advanced threat uses udev rules to hide in plain sight, creating reverse shells for remote…

Hot Take:

Linux users, brace yourselves! A sneaky malware named ‘sedexp’ has been playing hide-and-seek with your systems since 2022, making your antivirus look like an amateur magician trying to pull a rabbit out of a hat. And if you thought your ‘random’ device files were safe, think again!

Key Points:

– Sedexp uses udev rules for persistence, a technique not yet documented by MITRE ATT&CK.
– The malware mimics system processes to stay hidden, naming itself ‘kdevtmpfs’.
– It creates reverse shells for remote access and can manipulate memory to hide its presence.
– Sedexp has been active since 2022 and primarily targets web servers for credit card scraping.
– Only two antivirus engines on VirusTotal can currently detect sedexp.
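The key points name udev rules as the persistence channel. As an added defensive example (not code from the article or from the Stroz Friedberg report), the Python below parses udev rule files and lists every rule that executes a program on a device event, flagging commands that are bare names or live outside the usual helper directories for analyst review. The sample rule text is constructed, and `TRUSTED_PREFIXES` is an assumed heuristic, not a definition of what is malicious.

```python
import re
from pathlib import Path

# udev rule syntax: comma-separated KEY OP "value" tokens; keys may carry a
# {subkey}, e.g. ENV{MAJOR}=="1" or RUN{builtin}+="kmod load".
TOKEN_RE = re.compile(r'\s*([A-Za-z_]+(?:\{[^}]*\})?)\s*([=!+:\-]?=)\s*"((?:[^"\\]|\\.)*)"\s*,?')
EXEC_KEYS = ("RUN", "PROGRAM", "IMPORT{program}")          # keys that execute something
TRUSTED_PREFIXES = ("/lib/udev/", "/usr/lib/udev/", "/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")  # assumed

def parse_rules(text):
    """Yield (first_line_no, [(key, op, value), ...]) per rule, honouring '\\' continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line, start = raw.strip(), (no if start is None else start)
        if line.endswith("\\"):                     # rule continues on the next line
            buf += line[:-1]
            continue
        buf += line
        if buf and not buf.startswith("#"):
            yield start, TOKEN_RE.findall(buf)
        buf, start = "", None

def find_exec_rules(text, source="<inline>"):
    """List every rule that runs a program on a device event; a command that is a bare
    name or lives outside TRUSTED_PREFIXES is flagged suspicious for analyst review."""
    findings = []
    for line_no, toks in parse_rules(text):
        for key, _op, value in toks:
            if key.split("{")[0] not in EXEC_KEYS and key not in EXEC_KEYS:
                continue
            first = value.split()[0] if value.split() else ""
            suspicious = key != "RUN{builtin}" and not first.startswith(TRUSTED_PREFIXES)
            findings.append({"file": source, "line": line_no, "key": key, "command": value,
                             "match": [f'{k}{o}"{v}"' for k, o, v in toks if k != key],
                             "suspicious": suspicious})
    return findings

def scan_udev_dirs(dirs=("/etc/udev/rules.d", "/run/udev/rules.d", "/lib/udev/rules.d")):
    """Run the same check over the real rule directories of a live host."""
    return [f for d in dirs for p in sorted(Path(d).glob("*.rules"))
            for f in find_exec_rules(p.read_text(errors="replace"), str(p))]

# Constructed sample rules (not taken from any real system or from the sedexp report).
SAMPLE = """# constructed sample
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR}=="Yubico", RUN+="/usr/lib/udev/foo"
KERNEL=="sd*", ATTR{queue/scheduler}="mq-deadline"
ACTION=="add", ENV{MAJOR}=="1", \\
  RUN+="update_thing run:+"
"""
```

On a live host, `scan_udev_dirs()` returns the same finding dictionaries for every `*.rules` file; legitimate distributions ship many RUN rules, so the `match` conditions and command path are what an analyst reviews, not the mere presence of a RUN key.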
