  • henfredemars@infosec.pub · ↑0 · edited · 2 months ago

    “At the time of this writing, the persistence technique used (udev rules) is not documented by MITRE ATT&CK,” the researchers note, highlighting that sedexp is an advanced threat that hides in plain sight.

    These rules contain three parameters that specify its applicability (ACTION=="add"), the device name (KERNEL=="sdb1"), and what script to run when the specified conditions are met (RUN+="/path/to/script").

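The comment above describes the three rule keys involved. As an added example (not code from the thread, the researchers, or the sedexp report), here is a small POSIX shell audit that lists every RUN+= handler under a set of udev rules directories and flags handlers whose executable lives outside the directories a distribution normally ships udev helpers in. The sample rules it creates are constructed for illustration, the TRUSTED_DIRS list is an assumption about a typical Debian/RHEL layout, and the rule that "relative program names resolve under /usr/lib/udev" follows udev(7).

```shell
#!/bin/sh
# Added example: audit udev rules for RUN+= handlers that point at unusual
# locations. Not from the thread or the sedexp report; sample data is constructed.

# Assumption: where a stock distribution keeps udev helpers. Adjust per system.
TRUSTED_DIRS="/lib/udev /usr/lib/udev /bin /usr/bin /sbin /usr/sbin"

# Print "file<TAB>command" for every RUN+=, RUN= or RUN{program}+= directive
# in the *.rules files under the given directories, ignoring comment lines.
list_run_handlers() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.rules; do
            [ -f "$f" ] || continue
            grep -v '^[[:space:]]*#' "$f" \
              | grep -Eo 'RUN(\{[^}]*\})?\+?="[^"]*"' \
              | sed 's/^RUN[^=]*="//; s/"$//' \
              | while IFS= read -r cmd; do
                    printf '%s\t%s\n' "$f" "$cmd"
                done
        done
    done
}

# Return 0 when the executable is in a trusted directory. A relative name is
# treated as trusted because udev resolves it under /usr/lib/udev (udev(7)).
is_trusted_path() {
    p=$1
    case "$p" in
        /*) ;;
        *)  return 0 ;;
    esac
    for d in $TRUSTED_DIRS; do
        case "$p" in
            "$d"/*) return 0 ;;
        esac
    done
    return 1
}

# Print "file<TAB>command" for each handler whose first word (the executable)
# is not under a trusted directory.
find_suspicious_handlers() {
    tab=$(printf '\t')
    list_run_handlers "$@" | while IFS="$tab" read -r file cmd; do
        exe=${cmd%% *}
        if ! is_trusted_path "$exe"; then
            printf '%s\t%s\n' "$file" "$cmd"
        fi
    done
}

# Constructed sample: one distribution-style rules file and one rule of the
# shape described in the thread, whose handler lives in a user-writable path.
make_sample_rules() {
    dir=$(mktemp -d)
    cat > "$dir/60-persistent-storage.rules" <<'EOF'
# benign: helper shipped by the distribution
ACTION=="add", SUBSYSTEM=="block", IMPORT{program}="ata_id --export $devnode"
ACTION=="add", KERNEL=="sd*", RUN+="/lib/udev/hdparm"
EOF
    cat > "$dir/99-local.rules" <<'EOF'
# suspicious: fires when a block device appears and runs a script from /tmp
ACTION=="add", KERNEL=="sdb1", RUN+="/tmp/.x/update.sh"
EOF
    printf '%s\n' "$dir"
}

# Stand-alone usage: audit the constructed sample, then the live system.
sample=$(make_sample_rules)
echo "== constructed sample =="
find_suspicious_handlers "$sample"
echo "== this system =="
find_suspicious_handlers /etc/udev/rules.d /run/udev/rules.d /lib/udev/rules.d /usr/lib/udev/rules.d
rm -rf "$sample"
```

The audit only looks at RUN directives; PROGRAM and IMPORT{program} also execute binaries during rule processing, and a handler inside a trusted directory can still be a planted file, so pair this with package-manager verification (dpkg -V or rpm -V) of anything it does not flag.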
  • ilmagico@lemmy.world · ↑0 · 2 months ago

    Sure, once you have root on the host system you can pretty much do whatever you want … adding entries to udev isn’t anything revolutionary.

  • LainTrain@lemmy.dbzer0.com · ↑0 · 2 months ago

    “Malware”? Fucking cybersec press is the worst.

    What’s next, they’re gonna call “sudo” a 0-day vuln?