The Umbreon rootkit runs from user mode but hijacks libc system calls

Security researchers have identified a new family of Linux rootkits that, despite running from user mode, can be hard to detect and remove.
Called Umbreon, after a Pokémon character that hides in the darkness, the rootkit has been in development since early 2015 and is now being sold on the underground markets. It targets Linux-based systems on the x86, x86-64 and ARM architectures, including many embedded devices such as routers.
According to malware researchers from antivirus firm Trend Micro, Umbreon is a so-called ring 3 rootkit, meaning that it runs from user mode and doesn't need kernel privileges. Despite this apparent limitation, it is quite capable of hiding itself and persisting on the system.