Bleeping Computer

Linux CryptoMiners Are Now Using Rootkits to Stay Hidden

As the popularity of cryptocurrency rises, so does the amount of cryptominer Tojans that are being created and distributed to unsuspecting victims. One problem for cryptominers, though, is that the ...
ZDNet

Linux cryptocurrency miners are installing rootkits to hide themselves

Security researchers from Trend Micro have stumbled upon a new malware strain that mines cryptocurrency on Linux computers, but which is also different from previously seen cryptominers because it ...
WeLiveSecurity

Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication

The mysterious Avatar rootkit, detected by ESET as Win32/Rootkit.Avatar, appears to reflect a heavy investment in code development, with an API and a SDK available, plus an interesting abuse of Yahoo ...
Bleeping Computer

Remove the Tprdpw32.exe and SmartService Rootkit

If you are infected with the tprdpw32.exe or SmartService rootkit, you will not be able to launch many security and anti-virus programs. The Tprdpw32 rootkit will be installed along with a Windows ...
PC Magazine

Rooting Out Rootkits

A modern antispyware utility is a ruthless killer. The moment it sees a malicious program that matches one of its virus or spyware signatures, it terminates the process and deletes all file and ...
Network World

How to remove rootkits by hand

Manually removing rootkit-based malware can be extremely difficult. You can’t delete the offending Registry entries because the malware process is running. You halt the malware process, but Windows ...
ZDNet

Hackers somehow got their rootkit a Microsoft-issued digital signature

Cybersecurity researchers at Bitdefender have detailed how cyber criminals have been using FiveSys, a rootkit that somehow made its way through the driver-certification process to be digitally signed ...
The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...
SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
Linux Journal

Anthony Lineberry on /dev/mem Rootkits

At Black Hat Europe in mid-April 2009, Anthony Lineberry presented an interesting paper on how attackers with root privileges might use a /dev/mem rootkit, hiding their attacks by directly altering ...
Computerworld

McAfee: Open-source encourages rootkits

Rootkits are becoming more prevalent and difficult to detect, and security vendor McAfee claims the blame falls squarely on the open-source community. In its “Rootkits” report being published Monday , ...