According to the researchers from the Elastic Security Lab, a new rootkit called PUMAKIT can perform various advanced evasion mechanisms.
When Elastic Security researchers discovered PUMAKIT while routinely hunting for threats on VirusTotal, they described it as PUMAKIT. Many stages are involved in deploying this multi-stage malware, including a dropper, two memory-resident executables, an LKM rootkit module, and a shared object rootkit, all of which are used in the userland.
To manipulate core system behaviours, the rootkit component can hook into 18 different syscalls and several kernel functions using an internal Linux function tracer (ftrace), which enables it to control the behaviour of core system components.
The rootkit is an advanced persistent threat (APT) that tends to target critical organizations with specific programs designed to establish persistence within compromised systems.
The rootkit is often used by APT groups in their attempts to target critical organizations with specific programs.
As a result of the discovery of this Linux rootkit malware called Pumakit, it can evade detec
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: