Skip to content

minzak/hiding-cryptominers-linux-rootkit

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
khook
khook
 
 
Kbuild
Kbuild
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
main.c
main.c
 
 
main.h
main.h
 
 

Repository files navigation

hiding-cryptominers-linux-rootkit

Related post: https://alfon.io/posts/hiding-cryptominers-linux

Features

  • Hide process
  • Hide process CPU usage
  • Hide files that his filename starts with the MAGIC_PREFIX

Rootkit installation

Build

$ git clone https://github.com/alfonmga/hiding-cryptominers-linux-rootkit
$ cd hiding-cryptominers-linux-rootkit/
$ make

Loading LKM:

$ dmesg -C # clears all messages from the kernel ring buffer
$ insmod rootkit.ko
$ dmesg # verify that rootkit has been loaded

Unloading LKM:

$ rmmod rootkit
$ dmesg # verify that rootkit has been unloaded

About

Linux rootkit used to hide a cryptominer process and CPU usage.

alfon.io/posts/hiding-cryptominers-linux

Resources

Readme

License

Unlicense license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 91.4%
  • Assembly 5.2%
  • Makefile 3.4%