Rootkit

Sec+ Glossary 📖 • Threats ⚠️ • Security+ 02 • Difficulty: free

What is Rootkit?

A rootkit is malware designed to hide itself and other malicious activity by modifying or abusing low-level parts of a system. Rootkits help attackers maintain stealthy, persistent access, often by interfering with how the operating system reports processes, files, and security events.

Examples

A rootkit hides a malicious process so endpoint tools and administrators do not see it in normal system listings.
An attacker installs a kernel-level rootkit to maintain persistent access and conceal credential theft activity.

Discover 🔎

Many malware types focus on causing damage or stealing data quickly. A rootkit focuses on staying hidden. It is designed to make a compromised system appear normal, even while malicious activity is happening in the background. Because rootkits interfere with the system’s view of reality, they are among the more serious forms of compromise.

Remember: The goal of a rootkit is stealth. It is not just malware on a system, it is malware that tries to hide the evidence of malware.

Summary 📝

A rootkit is malware focused on stealth, designed to hide processes, files, connections, and other malicious activity by influencing how the system behaves and reports information. Rootkits can operate at different levels, including kernel and firmware, making them difficult to detect and remove. Defense relies on preventing privileged compromise and using trusted boot and monitoring, and confirmed cases often require rebuilding systems to restore trust.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.