Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules
Essential information
- Published: 23/08/2024 09:39
- Modified: 23/08/2024 10:00
- Tags: 2024-08-23, concealment, evasion, linux, persistence, reverse shell, sedexp
- Related entities: 3 observables, 9 techniques (mitre), 1 malware
Description
Stroz Friedberg discovered sedexp, a stealthy Linux malware that uses udev rules to achieve persistence and evade detection. It provides reverse shell capabilities and advanced concealment tactics. Employed by a financially motivated threat actor, sedexp hides credit card scraping code, indicating a focus on financial gain. Although the malware has been active since 2022, multiple public instances had zero detections, highlighting its evasive nature.