hiding-cryptominers-linux-rootkit
Linux rootkit POC to hide a crypto miner's process and CPU usage.
hiding-cryptominers-linux-rootkit
Notice: This LKM rootkit is unmaintained. Please use Diamorphine as an alternative.
Related post: https://alfon.xyz/posts/hiding-cryptominers-linux
Features
- Hide process
- Hide process CPU usage
- Hide files whose filename starts with MAGIC_PREFIX
Rootkit installation
Build
$ git clone https://github.com/alfonmga/hiding-cryptominers-linux-rootkit
$ cd hiding-cryptominers-linux-rootkit/
$ make
Loading LKM:
$ dmesg -C # clears all messages from the kernel ring buffer
$ insmod rootkit.ko
$ dmesg # verify that rootkit has been loaded
Unloading LKM:
$ rmmod rootkit
$ dmesg # verify that rootkit has been unloaded
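The dmesg line only proves that the module initialised; it says nothing about whether a process or a MAGIC_PREFIX file is actually being hidden. The following shell script is an added example, not code from the repository, that checks this from both sides. It assumes the module hides entries from directory listings (the usual getdents-hooking approach used by ls, ps and find) while a direct path lookup such as `test -e /proc/<pid>/status` still succeeds; if the module also filters path lookups, the checks below report nothing. The function names, the `file_is_hidden` arguments and the constructed test lists are mine. Thread IDs are excluded by comparing `Tgid` in `/proc/<pid>/status` with the PID, since threads are legitimately absent from a `/proc` listing and would otherwise show up as false positives.

```bash
#!/bin/sh
# Added example (not part of the repository): cross-check directory listings
# (filtered by a getdents-hooking rootkit) against direct path lookups
# (assumed not to be filtered). Entries reachable by path but absent from the
# listing are hidden. Function names and arguments are this example's own.

# hidden_entries LISTED REACHABLE
#   Both arguments are newline-separated lists. Prints every entry that is
#   present in REACHABLE but absent from LISTED.
hidden_entries() {
    listed=$1
    reachable=$2
    for entry in $reachable; do
        if ! printf '%s\n' "$listed" | grep -qxF -- "$entry"; then
            printf '%s\n' "$entry"
        fi
    done
}

# hidden_pids
#   Prints PIDs whose /proc/<pid>/status exists but which `ls /proc` omits.
#   Only thread-group leaders (Tgid == pid) count; threads never appear in a
#   /proc listing and are not evidence of hiding. Walks 1..pid_max, so on a
#   system with pid_max=4194304 this takes a minute or two.
hidden_pids() {
    listed=$(ls /proc 2>/dev/null | grep -E '^[0-9]+$')
    pid_max=$(cat /proc/sys/kernel/pid_max 2>/dev/null || echo 32768)
    reachable=$(seq 1 "$pid_max" | while read -r pid; do
        [ -r "/proc/$pid/status" ] || continue
        tgid=$(awk '/^Tgid:/ { print $2 }' "/proc/$pid/status" 2>/dev/null)
        [ "$tgid" = "$pid" ] && printf '%s\n' "$pid"
    done)
    hidden_entries "$listed" "$reachable"
}

# file_is_hidden DIR NAME
#   Returns 0 when DIR/NAME exists by direct lookup but `ls -a DIR` omits it,
#   1 otherwise (including when the file does not exist at all).
file_is_hidden() {
    dir=$1
    name=$2
    [ -e "$dir/$name" ] || return 1
    ! ls -a -- "$dir" | grep -qxF -- "$name"
}

# Usage after `insmod rootkit.ko`, with a miner started and a file whose name
# carries the prefix (MAGIC_PREFIX is the module's build-time value, assumed
# here to be exported in the environment):
#   hidden_pids                                  # should list the miner's PID
#   file_is_hidden /tmp "${MAGIC_PREFIX}miner"   # exit status 0 when hidden
# After `rmmod rootkit` both should report nothing.
```

Run the two checks before loading the module to establish a clean baseline (both should be empty), then again after `insmod`; a PID that appears in `hidden_pids` while still running under a normal `ps` means hiding is not working, and a PID that appears only in `hidden_pids` is the hidden one. The same script doubles as a cheap detection test on a host you suspect is carrying a getdents-level rootkit.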