cybersecurity Glossary

What is Rootkit?

A rootkit is malicious software designed to hide its presence and the activity of an attacker from a system.

To do this, the rootkit runs on a system with the highest privileges and intercepts and manipulates system calls making it virtually invisible to an administrator or monitoring software.

The objective of a rootkit is to reach the kernel of the operating system, or even to be placed with a higher level of privileges in the hypervisor or in the firmware.

Detecting a rootkit can be done through forensic analysis of an infected system or through software that identifies anomalies, although it is a complex process due to the sophistication of this piece of software.