
Rootkit

A rootkit is a program that hides its own malicious activity from antivirus software, or masks the activity of other malware, such as trojans. A rootkit hides system processes, files, drivers, registry entries and network connections, among other things, so that antivirus software cannot find traces of the malicious program.
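The hiding described above is usually detected by a cross-view comparison: the same objects are enumerated through two independent paths, and anything that appears in the lower-level view but not in the higher-level one is suspicious. The following script is an added example, not code from the original page, and shows the idea for processes on Linux: the listing of `/proc` (the view that `ps` and most tools use, and the one a user-level rootkit typically filters) is compared with a probe of every candidate PID via `kill(pid, 0)`. Function names, the default `pid_max` fallback of 32768 and the sample PID sets in the comments are assumptions made for the example.

```python
import os


def pids_from_proc():
    """High-level view: numeric directory names under /proc.

    This is what `ps`, `top` and similar tools read, so a rootkit that
    hooks readdir() in user space can filter entries out of it.
    Returns an empty set on systems without /proc (assumption: treat as
    "no view available" rather than an error)."""
    if not os.path.isdir("/proc"):
        return set()
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_probe(max_pid=None):
    """Low-level view: probe every PID with kill(pid, 0).

    No signal is delivered. ProcessLookupError (ESRCH) means the PID is
    free; PermissionError (EPERM) means a process exists that we may not
    signal, so it still counts as alive. On non-POSIX systems the probe
    is unavailable and an empty set is returned."""
    if os.name != "posix":
        return set()
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                max_pid = int(f.read())
        except (OSError, ValueError):
            max_pid = 32768  # assumed fallback when pid_max is unreadable
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, just not ours
        alive.add(pid)
    return alive


def cross_view_diff(high_level, low_level):
    """Objects present in the low-level view but absent from the
    high-level one, sorted. Example: ({1, 2, 3}, {1, 2, 3, 4}) -> [4]."""
    return sorted(set(low_level) - set(high_level))


def stable_hidden(listing_views, probe_views):
    """Suppress race false positives from short-lived processes.

    Processes that start or exit between the two enumerations show up in
    one view and not the other by chance. Taking several snapshots and
    flagging a PID only if every probe saw it and no listing ever did
    removes that noise while keeping a persistently hidden PID."""
    seen_by_all_probes = set.intersection(*(set(v) for v in probe_views))
    seen_by_any_listing = set().union(*(set(v) for v in listing_views))
    return sorted(seen_by_all_probes - seen_by_any_listing)


def check_live(rounds=2):
    """Run the cross-view check on the current host `rounds` times."""
    listings, probes = [], []
    for _ in range(rounds):
        listings.append(pids_from_proc())
        probes.append(pids_from_probe())
    return stable_hidden(listings, probes)


if __name__ == "__main__":
    hidden = check_live()
    print("PIDs visible to kill() but missing from /proc:", hidden or "none")
```

The check has a known limit that matches the page's two categories: a user-level rootkit that only filters directory listings is caught because `kill(pid, 0)` is answered by the kernel, but a kernel-level rootkit can falsify both views, so on a suspected kernel compromise the low-level view has to come from outside the running system (an offline disk or memory image).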


Rootkit functionality varies widely: they can steal passwords and bank card data, log keystrokes, remotely control bots for DDoS attacks, disable antivirus software, and so on.

The name is derived from root (the “superuser” in Unix terminology) and kit (a set of tools). A rootkit, then, is a set of tools for acting on the system with administrator rights. Rootkits fall into two categories: user-level and kernel-level.

A user-level rootkit has the same status as any ordinary application installed by the victim user. Such rootkits masquerade as system processes and parasitize applications, disrupting their work or adjusting it as needed.

Kernel-level rootkits gain full access to the system at the OS kernel level. They are the most dangerous variety: detecting and removing a kernel-level rootkit is much harder than a user-level one. One example is the Backdoor.Win32.Sinowal rootkit, which infects the MBR (Master Boot Record) of the hard disk and runs before the operating system boots, gaining full control over it.

Rootkits are distributed under the guise of freeware, hidden behind banners and links on infected sites, and spread from external drives (flash drives, SD cards, disks).
