This sneaky Linux malware went undetected for years, and is using all-new attack tactics
Date:
Mon, 26 Aug 2024 16:10:00 +0000
Description:
Method used by this malware was never seen before, allowing it to remain hidden for years
FULL STORY ======================================================================
A novel piece of Linux malware, which grants its operators the ability to remotely access the compromised device, has been hiding in plain sight for more than two years now, experts have warned.
Stroz Friedberg, which discovered the malware and wrote an in-depth explainer, said the malware is called sedexp, and has been evading detection since 2022.
While granting the attackers remote access to the vulnerable endpoint is important, it's not this malware's unique property. Instead, it's the way it remained hidden for more than two years, and made sure most antivirus solutions didn't detect it.
Udev rules abused
As per the report, sedexp went under the radar by using udev rules.
"At the time of this writing, the persistence technique used (udev rules) is not documented by MITRE ATT&CK," the researchers note.
Udev is a device manager for the Linux kernel, responsible for managing device nodes in the /dev directory. It dynamically creates and removes device nodes based on the devices connected to the system, such as USB drives, printers, and network interfaces. It also makes sure that each node gets the right driver loaded into memory.
Udev rules, on the other hand, are text configurations that tell the device manager how to handle different devices or events. To run itself and make sure it remains hidden, the malware adds a specific rule to udev, the researchers explained. Finally, the malware names its process kdevtmpfs, the same as another, legitimate process, making detection even harder.
Stroz Friedberg believes this piece of malware has been used since at least 2022, and found it in numerous online sandboxes, none of which triggered any antiviruses. The researchers believe the malware was used to hide a credit card skimmer.
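The two tells the article describes, a udev rule that launches a command and a user-space process borrowing the name of the kdevtmpfs kernel thread, can be checked for on a Linux host. The following hunting script is an added example, not code from the article or from Stroz Friedberg; the rule directories, the trusted-path list and the sample rules file are assumptions constructed for illustration.

```python
"""Added hunting helper (not the article's or Stroz Friedberg's code): flags udev
rules that run commands from odd places and user-space processes posing as the
kdevtmpfs kernel thread. The sample rules below are constructed."""
import re
from pathlib import Path
UDEV_RULE_DIRS = ("/etc/udev/rules.d", "/run/udev/rules.d", "/lib/udev/rules.d")
TRUSTED = ("/lib/udev/", "/usr/lib/udev/", "/usr/bin/", "/bin/", "/usr/sbin/", "/sbin/")
# RUN+="cmd", RUN{program}+="cmd" and RUN="cmd" all make udev execute a command
RUN_RE = re.compile(r'\bRUN(?:\{\w+\})?\s*\+?=\s*"([^"]*)"')

def run_commands(rule_text):
    """Commands a udev rules file would execute via RUN (comment lines skipped)."""
    cmds = []
    for line in rule_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            cmds.extend(m.group(1) for m in RUN_RE.finditer(line))
    return cmds

def suspicious_run_commands(rule_text):
    """RUN commands that invoke a shell or a program outside the directories
    stock distribution rules use; these deserve a manual look."""
    flagged = []
    for cmd in run_commands(rule_text):
        prog = cmd.split()[0] if cmd.split() else ""
        is_shell = prog.rsplit("/", 1)[-1] in ("sh", "bash", "dash")
        if is_shell or not prog.startswith(TRUSTED):
            flagged.append(cmd)
    return flagged

def is_fake_kdevtmpfs(name, ppid, cmdline):
    """The genuine kdevtmpfs is a kernel thread: its parent is kthreadd (PID 2) and
    /proc/<pid>/cmdline is empty. A user-space process with that name fails one."""
    return name == "kdevtmpfs" and (ppid != 2 or cmdline != b"")

def scan_live_system():
    """Run both checks against the real rule directories and /proc (Linux only)."""
    findings = [f"{f}: RUN -> {c}" for d in UDEV_RULE_DIRS for f in Path(d).glob("*.rules")
                for c in suspicious_run_commands(f.read_text(errors="replace"))]
    for p in Path("/proc").glob("[0-9]*"):
        try:
            st = dict(l.split(":\t", 1) for l in (p / "status").read_text().splitlines() if ":\t" in l)
            if is_fake_kdevtmpfs(st["Name"], int(st["PPid"]), (p / "cmdline").read_bytes()):
                findings.append(f"pid {p.name}: user-space process named kdevtmpfs")
        except (OSError, KeyError, ValueError):
            pass
    return findings

SAMPLE_RULES = """# constructed sample rules file, not the real sedexp rule
ACTION=="add", KERNEL=="sd*", RUN+="/lib/udev/hdparm"
ACTION=="add", KERNEL=="sd*", RUN+="/bin/sh -c '/tmp/.hidden/payload &'"
"""
```

Any hit from scan_live_system() is a lead to triage, not a verdict: distributions and hardware vendors do ship legitimate RUN rules, so compare a flagged file against the package that owns it.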
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-sneaky-linux-malware-went-undetected-for-years-and-is-using-all-new-attack-tactics
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)