pull down to refresh

0 sats \ 0 replies \ @MalwareLab 25 Aug \ on: Stealthy 'sedexp' Linux malware evaded detection for two years security
This malware contains several thing worth to mention:
  • persistence via udev rules
    • this technique is not documented in MITRE ATT&CK
  • remote access to the victim device
    • the malware calls home and creates reverse shell for the attacker
  • hides itself
    • like "rootkit", it filters out strings with its name from the outputs of the system commands (e.g. ls, find)
  • code injection to another processes
    • related to scraping credit cards data
write
preview