Cybersecurity researchers have identified a new, stealthy Linux malware named ‘sedexp’. The malware uses an unusual method to maintain persistence on compromised systems and to hide credit card skimming code. Discovered by Aon’s Stroz Friedberg incident response team, sedexp is believed to be the work of a financially motivated threat actor and has been active since 2022.
What sets sedexp apart is its use of udev rules to remain persistent. udev is the Linux device manager: it reacts to device events, such as a device being connected or removed, and can run a program in response. By installing a udev rule, the malware ensures that it runs every time the system is restarted. Specifically, the rule is triggered whenever the /dev/random device is added, which happens at every boot, so the attackers’ code is executed without any cron job, service or startup script being visible.
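The persistence mechanism above is something a defender can audit directly, because udev rules are plain text files in a handful of well-known directories. The following is an added example (not code from the article, from Aon, or from any published sedexp tooling) that parses udev rule text, extracts every RUN+= or PROGRAM= action, and flags rules that either key on /dev/random (by KERNEL=="random", or by its character device major/minor 1:8) or launch a binary from outside the usual udev helper and system-binary locations. The sample rule text is constructed for the demonstration; the rule directories and trusted prefixes are the standard ones on a systemd-based distribution.

```python
"""Audit udev rule files for RUN+= / PROGRAM= actions that look like boot persistence.

Added example, not from the article or from Stroz Friedberg. It flags a rule when
(a) it matches the /dev/random device (which udev processes at every boot), or
(b) the command it runs lives outside the directories udev helpers normally come from.
"""
import re
from pathlib import Path

# Directories udev reads rules from (standard locations).
RULE_DIRS = [
    "/etc/udev/rules.d",
    "/run/udev/rules.d",
    "/usr/lib/udev/rules.d",
    "/lib/udev/rules.d",
]

# Absolute paths that RUN+= helpers normally come from; anything else is worth a look.
TRUSTED_PREFIXES = ("/usr/lib/udev/", "/lib/udev/", "/usr/bin/", "/bin/",
                    "/usr/sbin/", "/sbin/")

# RUN+="..." / RUN="..." / PROGRAM="..." assignments.
ACTION_RE = re.compile(r'\b(RUN|PROGRAM)\s*(\+=|=)\s*"([^"]*)"')
# KERNEL=="random" matches the /dev/random device node directly.
KERNEL_RE = re.compile(r'\bKERNEL\s*==\s*"([^"]*)"')
# ENV{MAJOR}=="1", ENV{MINOR}=="8" is the same device expressed as major:minor.
ENV_RE = re.compile(r'\bENV\{(MAJOR|MINOR)\}\s*==\s*"(\d+)"')


def targets_dev_random(rule_line: str) -> bool:
    """True if the rule's match keys select /dev/random (char device 1:8)."""
    if any(m.group(1) == "random" for m in KERNEL_RE.finditer(rule_line)):
        return True
    env = dict(ENV_RE.findall(rule_line))
    return env.get("MAJOR") == "1" and env.get("MINOR") == "8"


def audit_rules_text(text: str, source: str = "<inline>") -> list[dict]:
    """Return one finding per suspicious action found in the given rule text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for key, _op, cmd in ACTION_RE.findall(line):
            exe = cmd.split(maxsplit=1)[0] if cmd.strip() else ""
            reasons = []
            if targets_dev_random(line):
                reasons.append("keyed on /dev/random, so it fires at every boot")
            if exe.startswith("/") and not exe.startswith(TRUSTED_PREFIXES):
                reasons.append(f"executes from non-standard path {exe}")
            if reasons:
                findings.append({"source": source, "line": lineno, "key": key,
                                 "command": cmd, "reasons": reasons})
    return findings


def audit_rule_dirs(dirs=RULE_DIRS) -> list[dict]:
    """Walk the real udev rule directories (if present) and audit every .rules file."""
    results = []
    for d in dirs:
        for path in sorted(Path(d).glob("*.rules")):
            try:
                results.extend(audit_rules_text(path.read_text(errors="replace"), str(path)))
            except OSError:
                continue  # unreadable file: skip rather than abort the whole audit
    return results


# Constructed sample: one ordinary distribution-style rule and one persistence-style rule.
SAMPLE_RULES = """\
# constructed sample: a normal rule that runs a standard udev helper
SUBSYSTEM=="block", KERNEL=="sd*", RUN+="/usr/lib/udev/hdparm"
# constructed sample: a rule shaped like the boot-time trigger the article describes
ACTION=="add", ENV{MAJOR}=="1", ENV{MINOR}=="8", RUN+="/var/tmp/.cache/helper run"
"""

if __name__ == "__main__":
    for f in audit_rules_text(SAMPLE_RULES, "sample") + audit_rule_dirs():
        print(f"{f['source']}:{f['line']}: {f['key']}=\"{f['command']}\"")
        for r in f["reasons"]:
            print(f"    - {r}")
```

On a live system the script only reads the rule files, so it is safe to run as an unprivileged user wherever those directories are world-readable; remember that a rootkit such as the one described below can hide the rule file from userland listing, so compare the output against an offline image of the disk when a compromise is suspected.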
Digging into this malware, it loads a full stealth rootkit on Linux. The module hides files on the disk under udev directories, plus more. We are seeing the kernel taint inconsistency. Drift detection finds kernel taint shift indicating hidden module. https://t.co/sDSKri5qjV pic.twitter.com/ImYLaQn6id
— Craig Rowland – Agentless Linux Security (@CraigHRowland) August 27, 2024
The malware provides remote access through a reverse shell and employs rootkit techniques to modify memory and hide any file whose name contains the string “sedexp” from system commands such as ls or find. In some instances, sedexp has been used to hide web shells, altered Apache configuration files, and the udev rule itself.
Researchers observed that sedexp’s primary goal is financial gain, as it has been deployed to conceal credit card scraping code on infected web servers. The discovery of sedexp highlights the increasing complexity and innovation seen in financially motivated cyber threats.
This new threat underscores the ongoing sophistication of cybercriminals and the necessity for heightened vigilance in defending against such evolving attacks.
Sandhya Goswami