Linux rootkit used to hide a cryptominer process and CPU usage.

Overview

hiding-cryptominers-linux-rootkit

Related post: https://alfon.io/posts/hiding-cryptominers-linux

Features

  • Hide process
  • Hide process CPU usage
  • Hide files whose filename starts with the MAGIC_PREFIX
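
A defender's cross-view check for the process-hiding feature listed above, added here as an example; it is not code from this repository. It assumes the module hides a process by filtering it out of /proc directory listings while direct lookups of /proc/<pid> still resolve, which this page does not state; listed_pids, probe_pid and hidden_pids are names chosen for the example.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs visible in a directory listing of /proc (the view ps and top use)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probe_pid(pid, proc="/proc"):
    """True if pid resolves by direct path lookup and is a thread-group leader.

    Thread IDs also resolve under /proc without ever being listed, so entries
    whose Tgid differs from the probed number are skipped as ordinary threads.
    """
    try:
        with open(f"{proc}/{pid}/status") as status:
            for line in status:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except (OSError, ValueError, IndexError):
        pass
    return False

def hidden_pids(list_fn=listed_pids, probe_fn=probe_pid, max_pid=None):
    """PIDs that answer a direct probe but are missing from two listings."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    before = list_fn()
    suspects = [p for p in range(1, max_pid)
                if p not in before and probe_fn(p)]
    # List again: a process that merely started during the scan shows up now.
    after = list_fn()
    return sorted(p for p in suspects if p not in after and probe_fn(p))

if __name__ == "__main__":
    for pid in hidden_pids():
        print(f"pid {pid} resolves under /proc but is not listed")
```

Run it as root on the suspect host. An empty result does not clear the host, because a module that also blocks direct lookups defeats this check.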

Rootkit installation

Build

$ git clone https://github.com/alfonmga/hiding-cryptominers-linux-rootkit
$ cd hiding-cryptominers-linux-rootkit/
$ make

Loading LKM:

$ dmesg -C # clears all messages from the kernel ring buffer
$ insmod rootkit.ko
$ dmesg # verify that rootkit has been loaded

Unloading LKM:

$ rmmod rootkit
$ dmesg # verify that rootkit has been unloaded
Comments
  • Makefile: Error

    make -C /lib/modules/4.19.0-18-amd64/build M=$PWD
    make[1]: *** /lib/modules/4.19.0-18-amd64/build: No such file or directory.  Stop.
    make: *** [Makefile:3: all] Error 2
    

    Above is the error when I run "make". plz help.

    opened by BlackhatSuj 1
  • Cannot make

    make[1]: Entering directory '/usr/src/linux-headers-5.13.0-1019-gcp'
    CC [M] /root/hiding-cryptominers-linux-rootkit/main.o
    LD [M] /root/hiding-cryptominers-linux-rootkit/rootkit.o
    MODPOST /root/hiding-cryptominers-linux-rootkit/Module.symvers
    CC [M] /root/hiding-cryptominers-linux-rootkit/rootkit.mod.o
    LD [M] /root/hiding-cryptominers-linux-rootkit/rootkit.ko
    BTF [M] /root/hiding-cryptominers-linux-rootkit/rootkit.ko
    Skipping BTF generation for /root/hiding-cryptominers-linux-rootkit/rootkit.ko due to unavailability of vmlinux
    make[1]: Leaving directory '/usr/src/linux-headers-5.13.0-1019-gcp'

    opened by lutfiirhmn 0
  • cannot make file

    make -C /lib/modules/5.4.104+/build M=$PWD
    make[1]: *** /lib/modules/5.4.104+/build: No such file or directory. Stop.
    Makefile:3: recipe for target 'all' failed
    make: *** [all] Error 2

    opened by chikahusarii 5
Owner
Alfon
Making stuff at @AMGAVentures.