Rootkit Definition
A rootkit is a special type of malware that is designed to give hackers access and control over a targeted device. Most rootkits affect software and the operating system. However, some can also infect computer hardware and firmware. Rootkits are usually not easy to notice for users without the right level of expertise and they remain active even when hidden.
Once they have gained unauthorized access to computers, rootkits allow attackers to steal personal data, install malware, or use the attacked device as part of a botnet to circulate spam and participate in distributed denial of service (DDoS) attacks.
The name “rootkit” comes from operating systems based on Unix and Linux, where the administrator of the account with the highest privileges is called “root”. Applications that allow unauthorized root or administrator-level access to the device are known as “kits”.
Hackers install rootkits on targeted machines in several ways:
- The most common is phishing or a social engineering attack. Victims unknowingly download and install malware that is hidden within the other processes running on the machines. This gives hackers a great deal of control over the operating system.
- Another way is to exploit a vulnerability—often this is a weakness in an outdated software or operating system—and simply force the rootkit into your computer.
- Malware can also be associated with other file types, such as infected PDFs, pirated media, or apps obtained from suspicious sources.