1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stealthy, tricky to remove rootkit targets Linux systems on ARM and x86

Discussion in 'Network World' started by RSS, Sep 6, 2016.

  1. RSS

    RSS New Member Member

    Security researchers have identified a new family of Linux rootkits that, despite running from user mode, can be hard to detect and remove.

    Called Umbreon, after a Pokémon character that hides in the darkness, the rootkit has been in development since early 2015 and is now being sold on the underground markets. It targets Linux-based systems on the x86, x86-64 and ARM architectures, including many embedded devices such as routers.

    According to malware researchers from antivirus firm Trend Micro, Umbreon is a so-called ring 3 rootkit, meaning that it runs from user mode and doesn't need kernel privileges. Despite this apparent limitation, it is quite capable of hiding itself and persisting on the system.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page