
Researchers Uncover Linux Malware Sedexp

August 19, 2024

Researchers have discovered a new piece of Linux malware, codenamed sedexp, that uses an unusual technique to achieve persistence on infected systems while concealing credit card skimmer code. The malware has been attributed to a financially motivated threat actor and was identified by Aon’s Stroz Friedberg incident response services team. Active since 2022, sedexp employs advanced tactics to remain undetected and provides attackers with reverse shell capabilities, enabling remote access to compromised systems.

What sets sedexp apart is its use of udev rules, a mechanism in Linux that identifies devices based on their properties and responds to changes in the device state, such as when a device is plugged in or removed. The udev rule tied to sedexp triggers the malware to run whenever the system’s /dev/random device is loaded, which occurs on every reboot. This technique ensures that the malware stays persistent across reboots, allowing attackers to execute their malicious code consistently.

The malware can also modify memory to hide files containing the string “sedexp” from system commands like ls or find. This concealment allows the threat actors to hide web shells, modified Apache configuration files, and the udev rule itself. It helps the malware evade detection while keeping the skimmer running and preserving access to the compromised server.
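A defender can audit udev rules for the persistence pattern described above, a rule that runs a program when /dev/random (character device major 1, minor 8) appears. The following is an added example, not code from the researchers' report; the sample rules and RUN paths are constructed placeholders, and the function names are illustrative.

```python
import re
from pathlib import Path

# Directories udev reads rule files from (see udev(7)).
RULE_DIRS = ("etc/udev/rules.d", "run/udev/rules.d",
             "usr/lib/udev/rules.d", "lib/udev/rules.d")
# One udev token: KEY or KEY{attr}, an operator, then a quoted value.
TOKEN = re.compile(r'([A-Z_]+)(?:\{([^}]*)\})?\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"')

# Constructed sample rules for the demo; the RUN paths are placeholders.
SAMPLE = '''\
ACTION=="add", SUBSYSTEM=="block", KERNEL=="sd[a-z]", RUN+="/usr/bin/logger disk"
ACTION=="add", ENV{MAJOR}=="1", ENV{MINOR}=="8", RUN+="/opt/example/placeholder"
KERNEL=="random", MODE="0666"
'''

def selects_dev_random(tokens):
    """True if the match keys pick /dev/random (char device major 1, minor 8)."""
    env = {attr: val for key, attr, op, val in tokens if key == "ENV" and op == "=="}
    by_number = env.get("MAJOR") == "1" and env.get("MINOR") == "8"
    by_name = any(key == "KERNEL" and op == "==" and val == "random"
                  for key, attr, op, val in tokens)
    return by_number or by_name

def audit_rules(text, source="<inline>"):
    """Return (source, rule, run_values) for rules that RUN a program on /dev/random."""
    findings = []
    for rule in text.replace("\\\n", " ").splitlines():  # join continued lines
        rule = rule.strip()
        if not rule or rule.startswith("#"):
            continue
        tokens = [m.groups() for m in TOKEN.finditer(rule)]
        runs = [val for key, attr, op, val in tokens
                if key == "RUN" and op in ("=", "+=", ":=")]
        if runs and selects_dev_random(tokens):
            findings.append((source, rule, runs))
    return findings

def audit_tree(root="/"):
    """Audit every *.rules file under root; point root at a mounted image if possible."""
    findings = []
    for rel in RULE_DIRS:
        for path in sorted(Path(root, rel).glob("*.rules")):
            findings += audit_rules(path.read_text(errors="replace"), str(path))
    return findings

if __name__ == "__main__":
    for source, rule, runs in audit_rules(SAMPLE) + audit_tree():
        print(f"{source}: RUN={runs} <- {rule}")
```

Because the malware is reported to hide the udev rule itself from directory listings, a scan on the live host may return nothing; running `audit_tree` against a read-only mount of the disk image from a trusted system avoids relying on the compromised host's view of the filesystem.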

Although the exact distribution method of sedexp is currently unknown, the malware’s main purpose has been linked to hiding credit card scraping code on compromised web servers. This demonstrates the increasing sophistication of financially motivated cybercriminals, as they continue to evolve beyond traditional ransomware attacks in favor of more covert and advanced techniques to achieve financial gain.

 

Reference:

  • Unveiling “sedexp”: A Stealthy Linux Malware Exploiting udev Rules
