August 25, 2024 at 02:36AM
Cybersecurity researchers have discovered a stealthy Linux malware called sedexp, utilized by financially motivated threat actors since 2022. Noteworthy for using udev rules to maintain persistence, the malware runs upon system reboot, enabling remote access and memory modification to conceal its presence. It has been observed hiding credit card scraping code on web servers.
Key takeaways from the meeting notes:
1. Cybersecurity researchers have discovered a stealthy Linux malware called “sedexp” used by financially motivated threat actors.
2. The malware leverages udev rules to achieve persistence and runs upon system restart, providing attackers with reverse shell capabilities.
3. Additionally, the malware can modify memory to conceal files containing the string “sedexp” and has been used to hide credit card scraping code on web servers.
The researchers emphasize that the discovery of sedexp indicates the evolving sophistication of financially motivated threat actors beyond ransomware.