Latest Rootkit news

Krasue RAT malware hides on Linux servers using embedded rootkits

Security researchers discovered a remote access trojan they named Krasue that is targeting Linux systems of telecommunications companies and managed to remain undetected since 2021.
- Bill Toulas
- December 07, 2023
- 01:00 AM
- 0
Stealthy SeroXen RAT malware increasingly used to target gamers

A stealthy remote access trojan (RAT) named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities.
- Bill Toulas
- May 31, 2023
- 12:56 PM
- 1
Malicious Windows kernel drivers used in BlackCat ransomware attacks

The ALPHV ransomware group (aka BlackCat) was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks.
- Bill Toulas
- May 22, 2023
- 02:23 PM
- 0
Lazarus hackers abuse Dell driver bug using new FudModule rootkit

The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack.
- Bill Toulas
- October 01, 2022
- 10:05 AM
- 0
Hackers breach software vendor for Magento supply-chain attacks

Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
- Bill Toulas
- September 13, 2022
- 11:21 AM
- 0
CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards

Chinese-speaking hackers have been using since at least 2016 malware that lies virtually undetected in the firmware images for some motherboards, one of the most persistent threats commonly known as a UEFI rootkit.
- Ionut Ilascu
- July 25, 2022
- 09:37 PM
- 3
New ‘Lightning Framework’ Linux malware installs rootkits, backdoors

A previously undetected malware dubbed 'Lightning Framework' that targets Linux systems can be used to backdoor infected devices using SSH and deploy rootkits to cover the attackers' tracks.
- Sergiu Gatlan
- July 21, 2022
- 05:42 AM
- 0
New Syslogk Linux rootkit uses magic packets to trigger backdoor

A new rootkit malware named 'Syslogk' has been spotted in the wild, and it features advanced process and file hiding techniques that make detection highly unlikely.
- Bill Toulas
- June 13, 2022
- 11:13 AM
- 1
Chinese hacking group uses new 'Fire Chili' Windows rootkit

The Chinese APT group known as Deep Panda has been spotted in a recent campaign targeting VMware Horizon servers with the Log4Shell exploit to deploy a novel rootkit named 'Fire Chili'.
- Bill Toulas
- March 31, 2022
- 01:11 PM
- 2
New Unix rootkit used to steal ATM banking data

Threat analysts following the activity of LightBasin, a financially motivated group of hackers, report the discovery of a previously unknown Unix rootkit that is used to steal ATM banking data and conduct fraudulent transactions.
- Bill Toulas
- March 17, 2022
- 06:23 PM
- 0
Microsoft: Shrootless bug lets hackers install macOS rootkits

Attackers could use a new macOS vulnerability discovered by Microsoft to bypass System Integrity Protection (SIP) and perform arbitrary operations, elevate privileges to root, and install rootkits on vulnerable devices.
- Sergiu Gatlan
- October 28, 2021
- 12:44 PM
- 0
FontOnLake malware infects Linux systems via trojanized utilities

A newly discovered malware family has been infecting Linux systems concealed in legitimate binaries. Dubbed FontOnLake, the threat delivers backdoor and rootkit components.
- Ionut Ilascu
- October 10, 2021
- 01:16 PM
- 0
GhostEmperor hackers use new Windows 10 rootkit in attacks

Chinese-speaking cyberspies have targeted Southeast Asian governmental entities and telecommunication companies for more than a year, backdooring systems running the latest Windows 10 versions with a newly discovered rootkit.
- Sergiu Gatlan
- September 30, 2021
- 01:34 PM
- 0
FinFisher malware hijacks Windows Boot Manager with UEFI bootkit

Commercially developed FinFisher malware now can infect Windows devices using a UEFI bootkit that it injects in the Windows Boot Manager.
- Sergiu Gatlan
- September 28, 2021
- 01:46 PM
- 0
Microsoft WPBT flaw lets hackers install rootkits on Windows devices

Security researchers have found a flaw in the Microsoft Windows Platform Binary Table (WPBT) that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012.
- Sergiu Gatlan
- September 25, 2021
- 11:16 AM
- 2
Microsoft admits to signing rootkit malware in supply-chain fiasco

Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control IPs.
- Ax Sharma
- June 26, 2021
- 05:16 AM
- 11
New Moriya rootkit used in the wild to backdoor Windows systems

A new stealthy rootkit was used by an unknown threat actor to backdoor targeted Windows systems in a likely ongoing espionage campaign dubbed TunnelSnake and going back to at least 2018.
- Sergiu Gatlan
- May 06, 2021
- 10:31 AM
- 0
Purple Fox malware worms its way into exposed Windows systems

Purple Fox, a malware previously distributed via exploit kits and phishing emails, has now added a worm module that allows it to scan for and infect Windows systems reachable over the Internet in ongoing attacks.
- Sergiu Gatlan
- March 23, 2021
- 04:54 PM
- 30
Microsoft fixes Secure Boot bug allowing Windows rootkit installation

Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled.
- Sergiu Gatlan
- January 13, 2021
- 11:24 AM
- 1
MosaicRegressor: Second-ever UEFI rootkit found in the wild

The second-ever UEFI rootkit used in the wild was found by security researchers during investigations surrounding attacks from 2019 against two non-governmental organizations (NGOs).
- Sergiu Gatlan
- October 05, 2020
- 01:35 PM
- 0