A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...
A new Linux kernel rootkit dubbed ‘syslogk’ has been spotted in the wild by Avast cybersecurity researchers. According to an advisory by David Álvarez and Jan Neduchal, syslogk would be able to cloak ...
To defend against the new attacks, the researchers advise memory forensics as the number one way of spotting ToneShell ...
Attackers likely tied to the creators of the XorDdos Linux remote access Trojan (RAT) have been wielding a separate Linux RAT for nearly two years without detection, using it to target organizations in ...
Kernel rootkits are tough enough to detect, but a researcher this week has demonstrated an even sneakier method of hacking Linux. The attack exploits an oft-forgotten function in Linux versions ...
Security analysts have been predicting that kernel rootkits, which cloak their activity by replacing a portion of a program's software kernel with modified code, are expected to continue to grow in ...
A malware program designed for Linux systems, including embedded devices with ARM architecture, uses a sophisticated kernel rootkit that’s custom built for each infection. The malware, known as ...
In the 64-bit version of Windows Vista, all kernel-mode drivers must be digitally signed, a change from earlier Windows, which encouraged signed drivers but didn't require them. This summer, Rutkowska ...