• @ilmagico
    44
    4 months ago

    Sure, once you have root on the host system you can pretty much do whatever you want … adding entries to udev isn’t anything revolutionary.

  • @[email protected]
    17
    4 months ago

    “At the time of this writing, the persistence technique used (udev rules) is not documented by MITRE ATT&CK,” the researchers note, highlighting that sedexp is an advanced threat that hides in plain sight.

    These rules contain three parameters that specify its applicability (ACTION== “add”), the device name (KERNEL== “sdb1”), and what script to run when the specified conditions are met (RUN+=“/path/to/script”).
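
As an added example (not part of the thread or of the quoted article), here is a small auditor for the rule format described in the comment above: it parses udev rules and lists every RUN assignment together with the ACTION/KERNEL match that triggers it. The expected-prefix list, the sample rules and the helper name `/usr/lib/udev/helper` are assumptions constructed for illustration.

```python
import re

# One udev token: KEY, operator, quoted value, e.g. ACTION=="add" or RUN+="/path/to/script"
TOKEN = re.compile(r'([A-Z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"((?:[^"\\]|\\.)*)"')

# Assumption: directories where distro-shipped udev helpers normally live.
EXPECTED_PREFIXES = ("/usr/lib/udev/", "/lib/udev/", "/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/")

# Constructed sample rules, not taken from a real host.
SAMPLE = r'''# constructed sample
ACTION=="add", KERNEL=="sdb1", RUN+="/path/to/script"
SUBSYSTEM=="block", ACTION=="add", \
  RUN+="/usr/lib/udev/helper %k"
KERNEL=="sd*", ENV{ID_FS_TYPE}=="ext4", SYMLINK+="data"
'''

def logical_lines(text):
    """Join backslash-continued lines; skip comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def audit_rules(text, source="<rules>"):
    """Return one finding per RUN assignment, with the conditions that trigger it."""
    findings = []
    for rule in logical_lines(text):
        tokens = TOKEN.findall(rule)
        matches = {k: v for k, op, v in tokens if op in ("==", "!=")}
        for key, op, value in tokens:
            if not key.startswith("RUN") or op in ("==", "!="):
                continue
            program = value.split()[0] if value.split() else ""
            # Bare program names resolve under udev's own helper directory,
            # so only absolute paths outside the expected prefixes are flagged.
            unexpected = program.startswith("/") and not program.startswith(EXPECTED_PREFIXES)
            findings.append({"source": source, "program": program,
                             "action": matches.get("ACTION"),
                             "kernel": matches.get("KERNEL"),
                             "unexpected": unexpected})
    return findings
```

Run `audit_rules` over the contents of each file in the host's udev rules directories and review the findings marked `unexpected` first.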

  • @[email protected]
    15
    4 months ago

    “Malware”? Fucking cybersec press is the worst.

    What’s next, they’re gonna call “sudo” a 0-day vuln?