The Umbreon rootkit runs from user mode but hijacks libc system calls -Security researchers have identified a new family of Linux rootkits that, despite running from user mode, can be hard to detect and remove.
Called Umbreon, after a Pokémon character that hides in the darkness, the rootkit has been in development since early 2015 and is now being sold on the underground markets. It targets Linux-based systems on the x86, x86-64 and ARM architectures, including many embedded devices such as routers.
According to malware researchers from antivirus firm Trend Micro, Umbreon is a so-called ring 3 rootkit, meaning that it runs from user mode and doesn't need kernel privileges. Despite this apparent limitation, it is quite capable of hiding itself and persisting on the system.
- Fedora 26 Supports Single “Unified” OS Images for Multiple ARM Platforms
- Raspberry Pi devices transformed into cryptocurrency miners by Linux malware
- Freeing an HP Chromebook 11 with Arch Linux ARM
- FalconGate Open Source Anti-Hackers Smart Gateway Runs on Raspberry Pi, Banana Pi, and other ARM Debian Boards
- How to Control Your Air Conditioner with Raspberry Pi Board and ANAVI Infrared pHAT
- How to securely connect to a Raspberry Pi from anywhere