32.Lock Code Circular

new kernel module rootkit malware was released recently on GitHub, dubbed Reptile. It’s an open-source rootkit that has the ability to hide itself, other malicious codes, files, directories, and network traffic.

While, unlike other rootkit malware, Reptile stands out with a reverse shell, enabling easy system control, and its signature move is Port Knocking.

Port Knocking opens a specific port on an infected system, connecting it to the C&C server upon receiving an attacker’s Magic Packet.

The cybersecurity researchers at ASEC recently identified this new rootkit malware.

Reptile aids malware installation and equips attackers with Listener, a command line tool that awaits a reverse shell connection to execute on infected systems, granting control to the attacker.

Attackers can operate a reverse shell without specifying the C&C server by forwarding specific packets using Port Knocking. Packet, a command line tool, receives parameters for the reverse shell connection and port knocking method.