Security news aggregator

Latest coverage for Rootkit

Coverage examines rootkits, malware designed to hide persistent access, including incident analysis, infrastructure, disruption efforts, and defensive guidance.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A rootkit is malware or a set of tools designed to hide malicious code, files, processes, accounts, or system activity, often by operating with privileged access. Rootkits may reside in user space, the kernel, boot components, or firmware; their location affects what security tools can see, how persistent they are, and how recovery must be performed. Not every privileged malware component is a rootkit, and capabilities vary.

Rootkits matter because they can cause host-based tools to report an incomplete system state, complicating detection and evidence collection. Useful defenses include least privilege, prompt patching of vulnerable drivers and boot components, Secure Boot and signed code where supported, and monitoring for unexpected kernel, boot, or firmware changes. If compromise is suspected, validate the system from trusted offline media and preserve evidence before remediation. Recovery may require rebuilding the system and, for lower-level compromise, checking or re-flashing firmware through documented platform procedures.

Volume over time

Weekly headline count for the current query.

Showing 4 most recent headlines Filtered view

Researchers Identified Two Undocumented Variants Used Since 2023Eset uncovered two previously undocumented Windows variants of the China-linked SprySocks backdoor tied to FishMonger and iSoon, revealing expanded espionage capabilities, rootkit-based stealth and continued targeting of government organizations across Asia and Central America.

Hacking Group UNC6148 Steals Credentials With New OVERSTEP Rootkit, Google SaysA cybercrime group used a backdoor in a fully patched SonicWall appliance to steal credentials and may have sold the stolen data to ransomware groups as part of an ongoing campaign, Google Threat Intelligence Group found. The firm attributed the campaign to a cybercrime group it tracks as UNC6148.

Bank Info Security 1 year, 3 months ago

Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All

CISA Publishes Anatomy of Advanced Ivanti VPN MalwareHackers using Trojans connected to a malware family deployed by Chinese nation-state hackers are actively exploiting a now-patched vulnerability in Ivanti Connect Secure appliances. The malware "contains capabilities of a rootkit, dropper, backdoor, bootkit, proxy and tunneler."

Bank Info Security 1 year, 10 months ago

North Korean Hackers Tied to Exploits of Chromium Zero-Day

Cryptocurrency Users Targeted in Latest Campaign Involving FudModule RootkitA hacking group tied to North Korea exploited a zero-day vulnerability in the open source Google Chromium web browser to try and steal cryptocurrency, Microsoft said. The attack campaign is the latest to involve a sophisticated North Korean rootkit called FudModule. Google has fixed the flaw.