New Linux Rootkit
a year ago
- #Linux
- #Rootkit
- #Cybersecurity
- A working rootkit named 'Curing' has been released, exploiting the Linux kernel's io_uring feature to perform malicious activities undetected.
- Many cybersecurity solutions rely on monitoring system calls, but attackers can bypass these by using io_uring, allowing stealthy network connections or file tampering.
- The company ARMO, which disclosed this research, also markets a product claiming to block such attacks.
- A suggested mitigation is disabling io_uring, with minimal performance impact in most cases.
- The io_uring feature may have been implemented with insufficient consideration for auditing and security.
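
An added example (not code from ARMO or from the original summary) of one way to keep some visibility despite the bypass described above. I/O submitted through a ring does not show up as individual system calls, but creating the ring still requires the `io_uring_setup` system call, which auditd can record. The audit key `io_uring`, the allowlist and the sample records are constructed assumptions.

```python
import re

# Assumed audit rule producing the records parsed below (key name is an assumption):
#   -a always,exit -F arch=b64 -S io_uring_setup -S io_uring_enter -S io_uring_register -k io_uring
# io_uring syscall numbers are the same on every Linux architecture.
IO_URING_SYSCALLS = {425: "io_uring_setup", 426: "io_uring_enter", 427: "io_uring_register"}
NAMES = set(IO_URING_SYSCALLS.values())
# Assumption: binaries this host expects to use io_uring (hypothetical allowlist).
ALLOWED_EXES = {"/usr/sbin/nginx"}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample of raw auditd SYSCALL records (not captured from a real host).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1745500000.101:901): arch=c000003e syscall=425 success=yes exit=3 pid=4102 uid=1000 comm="updater" exe="/tmp/.cache/updater" key="io_uring"
type=SYSCALL msg=audit(1745500000.150:902): arch=c000003e syscall=426 success=yes exit=1 pid=4102 uid=1000 comm="updater" exe="/tmp/.cache/updater" key="io_uring"
type=SYSCALL msg=audit(1745500001.200:903): arch=c000003e syscall=425 success=yes exit=5 pid=812 uid=33 comm="nginx" exe="/usr/sbin/nginx" key="io_uring"
type=SYSCALL msg=audit(1745500002.300:904): arch=c000003e syscall=42 success=yes exit=0 pid=4102 uid=1000 comm="updater" exe="/tmp/.cache/updater" key="net"
"""

def parse_record(line):
    """Return the key=value fields of one audit record as a dict."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def find_io_uring_users(lines, allowed=ALLOWED_EXES):
    """Return one finding per (pid, exe) that used io_uring and is not allowlisted."""
    findings = {}
    for line in lines:
        if not line.startswith("type=SYSCALL"):
            continue
        rec = parse_record(line)
        sc = rec.get("syscall", "")
        # Raw logs carry the number; interpreted output (ausearch -i) carries the name.
        name = IO_URING_SYSCALLS.get(int(sc)) if sc.isdigit() else (sc if sc in NAMES else None)
        exe = rec.get("exe", "?")
        if name is None or exe in allowed:
            continue
        findings.setdefault((rec.get("pid", "?"), exe), set()).add(name)
    return [{"pid": pid, "exe": exe, "syscalls": sorted(calls)}
            for (pid, exe), calls in sorted(findings.items())]

if __name__ == "__main__":
    for f in find_io_uring_users(SAMPLE_LOG.splitlines()):
        print(f"unexpected io_uring use: pid={f['pid']} exe={f['exe']} calls={f['syscalls']}")
```

With submission-queue polling a process may never call `io_uring_enter`, so `io_uring_setup` is the record to rely on.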