
Syslogk Rootkit: Activate Hidden Backdoors With Magic Packets


A new Linux rootkit malware named ‘Syslogk’ is being used in attacks to hide malicious processes, using specially crafted "magic packets" to awaken a backdoor lying dormant on the device.

The malware is currently under heavy development, and its authors appear to base their project on Adore-Ng, an old open-source rootkit.

Syslogk can force-load its modules into the Linux kernel (versions 3.x are supported), hide directories and network traffic, and eventually load a backdoor called ‘Rekoobe.’
