Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...
Infosecurity-magazine.com

New Syslogk Linux Kernel Rootkit Uses "Magic Packets" to Trigger Remote Backdoor Access

A new Linux kernel rootkit dubbed ‘syslogk’ has been spotted in the wild by Avast cybersecurity researchers. According to an advisory by David Álvarez and Jan Neduchal, syslogk would be able to cloak ...
TechCrunch

Scranos, a new rootkit malware, steals passwords and pushes YouTube clicks

Security researchers have discovered an unusual new malware that steals user passwords and account payment methods stored in a victim’s browser — and also silently pushes up YouTube subscribers and ...
Computerworld

New rootkit hides in hard drive’s boot record

A rootkit that hides from Windows on the hard drive’s boot sector is infecting PCs, security researchers said today. Once installed, the cloaking software is undetectable by most current antivirus ...
PC World

Stealthy, tricky to remove rootkit targets Linux systems on ARM and x86

Security researchers have identified a new family of Linux rootkits that, despite running from user mode, can be hard to detect and remove. Called Umbreon, after a Pokémon character that hides in the ...
techtimes

Microsoft Confirms Rootkit Malware to Be Allowed on Windows After Signing It Off, Is it Gone Now?

Microsoft has confirmed that it has signed off on the recently discovered "rootkit malware" found on the Windows platform, which is believed to be a potential point of access for threat actors. The ...
ZDNet

New Moriya rootkit stealthily backdoors Windows systems

In a campaign dubbed Operation TunnelSnake by Kaspersky researchers, the team said on Thursday that an advanced persistent threat (APT) group, origin unknown but suspected of being Chinese-speaking, ...
Network World

Sony BMG rootkit scandal: 5 years later

The revelation 5 years ago that Sony BMG was planting a secret rootkit onto its music customers’ Windows PCs in the name of anti-piracy is seen now as one of the all-time significant events in IT ...
ZDNet

Sony recalls risky 'rootkit' CDs

Record label Sony BMG Music Entertainment said Tuesday that it will recall millions of CDs that, if played in a consumer's PC disc drive, will expose the computer to serious security risks. Anyone who ...