Rootkit

Security+ 🏆 • Threats ⚠️ • Difficulty: free

Definition

A rootkit is malware designed to hide itself and other malicious activity by modifying or abusing low-level parts of a system. Rootkits help attackers maintain stealthy, persistent access, often by interfering with how the operating system reports processes, files, and security events.

Examples

A rootkit hides a malicious process so endpoint tools and administrators do not see it in normal system listings.
An attacker installs a kernel-level rootkit to maintain persistent access and conceal credential theft activity.

Discover 🔎

Many malware types focus on causing damage or stealing data quickly. A rootkit focuses on staying hidden. It is designed to make a compromised system appear normal, even while malicious activity is happening in the background. Because rootkits interfere with the system’s view of reality, they are among the more serious forms of compromise.

Remember: The goal of a rootkit is stealth. It is not just malware on a system, it is malware that tries to hide the evidence of malware.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.