related posts
0 sats \ 0 replies \ @MalwareLab 25 Aug
This malware contains several thing worth to mention:
- persistence via udev rules
- this technique is not documented in MITRE ATT&CK
- remote access to the victim device
- the malware calls home and creates reverse shell for the attacker
- hides itself
- like "rootkit", it filters out strings with its name from the outputs of the system commands (e.g. ls, find)
- code injection to another processes
- related to scraping credit cards data
reply