New Syslogk Linux Kernel Rootkit Uses "Magic Packets" to Trigger Remote Backdoor Access
The malware can cloak a malicious payload that could be remotely controlled by an adversary
Coverage examines rootkits, malware designed to hide persistent access, including incident analysis, infrastructure, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
A rootkit is malware or a set of tools designed to hide malicious code, files, processes, accounts, or system activity, often by operating with privileged access. Rootkits may reside in user space, the kernel, boot components, or firmware; their location affects what security tools can see, how persistent they are, and how recovery must be performed. Not every privileged malware component is a rootkit, and capabilities vary.
Rootkits matter because they can cause host-based tools to report an incomplete system state, complicating detection and evidence collection. Useful defenses include least privilege, prompt patching of vulnerable drivers and boot components, Secure Boot and signed code where supported, and monitoring for unexpected kernel, boot, or firmware changes. If compromise is suspected, validate the system from trusted offline media and preserve evidence before remediation. Recovery may require rebuilding the system and, for lower-level compromise, checking or re-flashing firmware through documented platform procedures.
The malware can cloak a malicious payload that could be remotely controlled by an adversary
A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet
A new rootkit malware named 'Syslogk' has been spotted in the wild, and it features advanced process and file hiding techniques that make detection highly unlikely. [...]