Decrypt LOL


New Linux Rootkit PUMAKIT Identified by Researchers


🐾 New Linux rootkit PUMAKIT poses a significant cybersecurity threat. Researchers from Elastic Security Labs have identified a sophisticated Linux rootkit named PUMAKIT, which features advanced capabilities for privilege escalation, file concealment, and detection evasion. The rootkit operates as a loadable kernel module (LKM) and uses a multi-stage architecture that includes a dropper component and memory-resident executables. PUMAKIT relies on syscall hooking and interacts with core system functions to alter their behavior while remaining stealthy. Notably, it activates under specific conditions, which keeps its presence hidden from system tools. The rootkit has not been linked to any known threat actors, and it highlights the increasing complexity of malware targeting Linux systems.
