Pumakit, a newly discovered Linux malware rootkit, evades detection through advanced hiding techniques and targets systems running versions older than 5.7.
Identified by Elastic in September, Pumakit is a multifaceted rootkit containing a dropper, memory-resistant executables, and both kernel and userland rootkits designed for high stealth.
Its infection process involves a stepwise approach: starting with a dropper called cron, progressing to child processes that potentially compromise system integrity before loading a kernel module.
Pumakit's goal is to execute stealthy privilege escalation tactics, checking for secure boot status and other conditions to determine activation, reflecting a sophisticated threat landscape.
Collection
[
|
...
]