“At the time of this writing, the persistence technique used (udev rules) is not documented by MITRE ATT&CK,” the researchers note, highlighting that sedexp is an advanced threat that hides in plain site.
Stealthy 'sedexp' Linux malware evaded detection for two years
Submitted 2 months ago by baatliwala@lemmy.world to technology@lemmy.world
Comments
henfredemars@infosec.pub 2 months ago
LainTrain@lemmy.dbzer0.com 2 months ago
“Malware”? Fucking cybersec press is the worst.
What’s next, they’re gonna call “sudo” a 0-day vuln?
MonkderVierte@lemmy.ml 2 months ago
Not 0-day but it had a vew privilege escalation holes already. …medium.com/sudo-vulnerability-in-linux-lead-to-p…
sugar_in_your_tea@sh.itjust.works 2 months ago
Sure, but this isn’t a privilege escalation, this requires privilege escalation, and it merely installs a backdoor that preserves that privilege.
It’s like installing something in cron or systemd, it’s not a vulnerability in itself, but it can allow an attacker to add a backdoor once they exploit a vulnerability once.
ilmagico@lemmy.world 2 months ago
Sure, once you have root on the host system you can pretty much do whatever you want … adding entries to udev isn’t anything revolutionary.