What is a Rootkit?

A rootkit is malware designed to give an attacker privileged ("root") access to a computer, or to a part of its software that is normally off limits, while hiding its own presence. Once installed, a rootkit can carry a number of tools: keyloggers that record which keys you press, components that steal passwords, credit card numbers or online banking credentials, and routines that disable security software. Because a rootkit can tamper with the very tools that would otherwise find it, it is difficult to detect once it is running. Rootkits usually reach a system through an infected email attachment, a trojanized application download, or a malicious website that exploits the browser.

Types of Rootkits:

  • Hardware or firmware rootkit - This type lives in the firmware of a device rather than on the operating system's disk: the BIOS/UEFI firmware of the motherboard, or the firmware of a hard drive or network card. Because firmware runs before and underneath the operating system, such a rootkit can intercept data as it is written to disk, and it survives a reinstall of the operating system and even a wipe of the drive. Removing it means reflashing the firmware from a trusted image.

  • Bootloader rootkit (bootkit) - This form attacks the boot process, replacing or modifying the computer's legitimate bootloader so that the rootkit runs before the operating system is loaded. Code that starts first can tamper with everything loaded after it, including the kernel and any security software. Secure Boot, which checks the bootloader's signature before running it, exists largely to block this class of attack.

  • Memory rootkit - This kind lives only in the computer's RAM and carries out its harmful actions in the background. Because it never writes itself to disk, it leaves little for a file-based scanner to find, but it also disappears when the system is rebooted, since RAM is cleared when the machine powers off. Its weakness is persistence: the attacker has to reinstall it after every reboot.

  • Application rootkit (user-mode rootkit) - As the name implies, this kind targets applications rather than the operating system, replacing or hooking standard programs and the libraries they load so that they behave differently from how they appear. Everyday programs such as Microsoft Word, Notepad, or Microsoft Paint can be trojanized to give the attacker access to your computer every time you run them. Because it runs with ordinary user privileges, this is the easiest type to detect and remove: a scanner running at a higher privilege level can still see it.

  • Kernel-mode rootkit - These run inside the core of the operating system, typically as a loaded driver or kernel module, with the same privileges as the operating system itself. From there they can change how the system functions, hiding files, processes, and network connections from every program that asks the kernel about them. That gives the attacker both easy access to your personal information and a way to stay invisible to security software running on the same machine.

How to Defend Against Rootkits:

  • Always install updates for your computer's operating system and applications promptly; many rootkits are installed through vulnerabilities that a patch has already fixed.

  • Be on the lookout for phishing emails, and learn the signs that tell a phishing scam apart from a legitimate message before opening anything an email contains.

  • Be careful of drive-by downloads, where merely visiting a compromised or malicious website installs malware on your computer through a flaw in the browser or a plugin, without you being asked to download anything. Keeping the browser and its plugins updated is the main defense.

  • Never open a file sent by someone you don't know, and if a message from someone you do know seems suspicious, confirm through another channel (a phone call, a separate chat) that they actually sent the attachment.

Removing a Rootkit:

Detecting a rootkit on a system is challenging, because by design it stays hidden from the operating system and the tools that run on it. Specialized utilities look for known and unknown rootkits using several methods: signatures of known rootkit files, known behavior patterns, and cross-view checks that compare what the operating system reports (a process list, a directory listing) with what a lower-level view shows (raw disk or memory contents, or a direct probe of each object), since a hidden item appears in one view but not the other. The most reliable scans run from outside the infected system, for example by booting from trusted removable media, so the rootkit is not running while the disk is examined. Removing a rootkit is complex and usually requires specialized tools. At worst the victim must wipe the disk and reinstall the operating system, and a firmware rootkit survives even that unless the firmware is reflashed.
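The cross-view idea above, as an added example (not code from this page or from BeCloud): on Linux, a kernel-mode rootkit that hides a process usually filters the /proc directory listing that ps and top rely on. The process still exists in the kernel's process table, so probing each PID directly with kill(pid, 0) still answers "exists" (success or EPERM) instead of ESRCH. A PID that answers the probe but is missing from the listing is a candidate hidden process. The function names and the constructed test inputs are this example's own assumptions.

```python
"""Cross-view check for hidden processes on Linux (added example).

View 1: the PIDs visible in a directory listing of /proc.
View 2: every PID from 1 to pid_max, probed with signal 0.
A PID present in view 2 but absent from view 1 is hidden from the
listing, which is exactly what a process-hiding rootkit produces.
"""
import os
from typing import Iterable, Set


def pids_from_proc_listing(proc_dir: str = "/proc") -> Set[int]:
    """View 1: PIDs the kernel shows when /proc is listed (hookable)."""
    return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}


def pid_exists_by_signal(pid: int) -> bool:
    """View 2: probe one PID with signal 0. Nothing is delivered, but the
    kernel still has to look the PID up in its process table."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:      # ESRCH: no such process
        return False
    except PermissionError:         # EPERM: exists, owned by another user
        return True


def pids_by_probing(max_pid: int) -> Set[int]:
    """Probe the whole PID range. Slow-ish for pid_max = 4194304, but fine."""
    return {pid for pid in range(1, max_pid + 1) if pid_exists_by_signal(pid)}


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """PIDs that answer a direct probe but are missing from the listing.
    Kept as a pure set difference so it can be tested on constructed
    inputs without touching the live system."""
    return set(probed) - set(listed)


def read_pid_max(path: str = "/proc/sys/kernel/pid_max") -> int:
    """Upper bound of the PID range on this kernel."""
    with open(path) as fh:
        return int(fh.read().strip())


def scan() -> Set[int]:
    """Run both views and report the difference.

    The check is racy by nature: a short-lived process can start or exit
    between the two views. Taking the listing before and after the probe
    and keeping only PIDs absent from both listings removes most of that
    noise; anything left deserves a closer look.
    """
    before = pids_from_proc_listing()
    probed = pids_by_probing(read_pid_max())
    after = pids_from_proc_listing()
    return hidden_pids(before | after, probed)


if __name__ == "__main__":
    # Constructed inputs showing the detection logic on its own:
    assert hidden_pids({1, 2, 3}, {1, 2, 3, 4242}) == {4242}
    suspects = scan()
    if suspects:
        print("PIDs hidden from the /proc listing:", sorted(suspects))
    else:
        print("No hidden processes found by this check.")
```

Run it as root so that PermissionError does not mask anything; a normal user still gets correct results, just with EPERM standing in for "exists". Keep the caveat in mind: a kernel rootkit that also hooks kill() defeats this particular pair of views, which is why real scanners combine several independent views (raw memory, raw disk, scheduler structures) rather than relying on one.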


Companies trust BeCloud to secure their businesses.

Join us and make your company a more secure place.