alfonmga / hiding-cryptominers-linux-rootkit

Linux rootkit POC to hide a crypto miner's process and CPU usage.

Home Page: https://alfon.xyz/posts/hiding-cryptominers-linux

hiding-cryptominers-linux-rootkit

Notice: This LKM rootkit is unmaintained. Please use Diamorphine as an alternative.

Related post: https://alfon.xyz/posts/hiding-cryptominers-linux

Features

  • Hide process
  • Hide process CPU usage
  • Hide files whose filename starts with MAGIC_PREFIX
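
A defender-side check for the process-hiding feature above, added here as an example and not part of this repository's code: it compares two views of the process table, the /proc directory listing that ps and top rely on (the view a module that filters getdents() results can edit) against a direct kill(pid, 0) probe of every PID up to pid_max. Thread IDs answer the probe but are never listed at the top of /proc, so the check resolves each unlisted PID to its thread-group ID before flagging it, and a PID whose /proc entry cannot be opened at all is re-probed rather than assumed to have exited. The function names and the constructed PID sets in the notes are my own.

```python
import os


def pid_exists(pid):
    """True if the kernel knows `pid`, by kill(pid, 0), which never reads /proc.

    EPERM (PermissionError) means the process exists but belongs to another
    user, so it counts as present.
    """
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def listed_pids(proc="/proc"):
    """PIDs visible through directory enumeration of /proc (what ps and top see)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def probed_pids(pid_max):
    """PIDs found by probing every candidate id directly."""
    return {pid for pid in range(1, pid_max + 1) if pid_exists(pid)}


def tgid_from_proc(pid, proc="/proc"):
    """Thread-group id of `pid` from /proc/<pid>/status, or None if unreadable.

    Thread ids pass the kill() probe but are only listed under
    /proc/<tgid>/task, so without this step every multithreaded process
    would look 'hidden'.
    """
    try:
        with open(f"{proc}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (FileNotFoundError, ProcessLookupError, PermissionError):
        return None
    return None


def hidden_pids(listed, probed, tgid_of, still_alive):
    """Probed PIDs that are neither listed nor threads of a listed process.

    `tgid_of(pid)` returns the thread-group id or None when /proc/<pid>/status
    cannot be read; `still_alive(pid)` re-probes so that a PID that simply
    exited between the two scans (a normal race) is not reported.
    """
    hidden = set()
    for pid in probed - listed:
        tgid = tgid_of(pid)
        if tgid is None:
            if still_alive(pid):
                hidden.add(pid)  # alive, yet its /proc entry cannot even be opened
            continue
        if tgid in listed:
            continue  # a thread of a process that is visible
        hidden.add(pid)  # a process (or a thread of one) missing from the listing
    return hidden


def scan(proc="/proc"):
    """Run the cross-view comparison on the live system; returns suspicious PIDs."""
    with open(f"{proc}/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    listed = listed_pids(proc)
    probed = probed_pids(pid_max)
    return hidden_pids(listed, probed,
                       lambda pid: tgid_from_proc(pid, proc),
                       pid_exists)


if __name__ == "__main__":
    suspicious = scan()
    if suspicious:
        print("PIDs present but absent from the /proc listing:", sorted(suspicious))
    else:
        print("no unlisted processes found")
```

Run it as root so that kill(pid, 0) and /proc/<pid>/status are answered for every process. A mismatch is a signal to investigate, not proof: the comparison catches a module that filters one view of the process table and is blind to one that also hooks the syscalls the script itself relies on.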

Rootkit installation

Build

$ git clone https://github.com/alfonmga/hiding-cryptominers-linux-rootkit
$ cd hiding-cryptominers-linux-rootkit/
$ make

Loading LKM:

$ dmesg -C # clears all messages from the kernel ring buffer
$ insmod rootkit.ko
$ dmesg # verify that rootkit has been loaded

Unloading LKM:

$ rmmod rootkit
$ dmesg # verify that rootkit has been unloaded

License: The Unlicense

Languages

  • C 91.8%
  • Assembly 5.0%
  • Makefile 3.2%