PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms
Elastic Security Labs researchers discovered PUMAKIT, a sophisticated Linux rootkit capable of hiding files, escalating privileges, and evading system tools and detection. PUMAKIT uses an LKM rootkit named “PUMA” and ftrace hooks to modify core system functions, hooking 18 syscalls and several kernel functions to hide its presence. The malware activates under specific conditions, embedding ELF binaries within its dropper and using structured commands for privilege escalation and configuration retrieval.
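
Because the hooks described above are installed through ftrace, one defender-side check is to list the kernel functions that currently have an instruction-pointer-modifying ftrace callback attached. This is an added example, not code from Elastic's research or from PUMAKIT; the sample lines, symbol names and `examplemod` are constructed, and the parser assumes the `enabled_functions` layout `symbol (count) flags tramp: ...`.

```python
import re

TRACEFS = "/sys/kernel/tracing/enabled_functions"  # needs root; tracefs must be mounted

# Constructed sample in that file's layout; symbols and module name are
# illustrative and are not PUMAKIT's actual hook list.
SAMPLE = """\
__x64_sys_getdents64 (1) R I     tramp: 0xffffffffc0a51000 (hook_thunk+0x0/0x40 [examplemod])
__x64_sys_kill (1) R I     tramp: 0xffffffffc0a51000 (hook_thunk+0x0/0x40 [examplemod])
tcp4_seq_show (1) R I     tramp: 0xffffffffc0a51000 (hook_thunk+0x0/0x40 [examplemod])
schedule (1)           tramp: 0xffffffffc0b02000 (function_trace_call+0x0/0x120)
vfs_read (2) R
"""

LINE = re.compile(r"^(?P<sym>\S+)(?:\s+\[[^\]]+\])?\s+\((?P<count>\d+)\)(?P<rest>.*)$")
SYSCALL = re.compile(r"^__(?:x64|ia32|arm64)_(?:compat_)?sys_")


def parse(text):
    """Yield (symbol, callback_count, flags) for each well-formed line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Flags are the single capital letters printed before "tramp:".
        head = m["rest"].split("tramp:")[0]
        flags = {t for t in head.split() if len(t) == 1 and t.isupper()}
        yield m["sym"], int(m["count"]), flags


def suspicious_hooks(text):
    """Return (symbol, kind) for functions whose callback may rewrite the
    instruction pointer ('I' = IPMODIFY), i.e. can divert the call."""
    hits = []
    for sym, _count, flags in parse(text):
        if "I" in flags:
            hits.append((sym, "syscall" if SYSCALL.match(sym) else "kernel"))
    return hits


if __name__ == "__main__":
    try:
        with open(TRACEFS) as fh:
            data = fh.read()
    except OSError:
        data = SAMPLE  # fall back to the constructed sample
    for sym, kind in suspicious_hooks(data):
        print(f"{kind:8} {sym}")
```

Kernel livepatch also sets the `I` flag, so hits need triage against known patches. A loaded rootkit can tamper with what this file shows, so an empty result on a live host does not prove the kernel is clean.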