Submission + - Stealthy, tricky to remove rootkit targets Linux systems on ARM and x86 (pcworld.com)
Kinwolf writes: Security researchers have identified a new family of Linux rootkits that, despite running from user mode, can be hard to detect and remove. Called Umbreon, after a Pokémon character that hides in the darkness, the rootkit has been in development since early 2015, runs from user mode but hijacks libc system calls. According to malware researchers from antivirus firm Trend Micro, Umbreon is a so-called ring 3 rootkit, meaning that it runs from user mode and doesn't need kernel privileges. Despite this apparent limitation, it is quite capable of hiding itself and persisting on the system.
