New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using “Magic Packets”

June 14, 2022 | Malware

A new covert Linux kernel rootkit named Syslogk has been spotted in the wild while still under development. It cloaks a malicious payload that an adversary can remotely commandeer using a magic network traffic packet.

“The Syslogk rootkit is heavily based on Adore-Ng but incorporates new functionalities making the user-mode application and the kernel rootkit hard to detect,” Avast security researchers David Álvarez and Jan Neduchal said in a report published Monday.

Adore-Ng, an open-source rootkit available since 2004, equips the attacker with full control over a compromised system. It also facilitates hiding processes as well as custom malicious artifacts…
