Having a clear understanding of how these three threats, Gootkit, rootkits and bootkits, differ from one another is vital for making sense of the cyberthreat landscape. Here’s a look at each.
Gootkit
Gootkit is a trojan horse, first spotted in 2014.
Its capabilities include infiltrating online banking accounts, stealing credentials and manipulating online banking sessions.
The malware is built from three main modules: the loader, the main module and the web injection module. The loader is the first stage of the trojan and sets up a persistent environment on the host. The main module creates a proxy server that works in conjunction with the browser injection module.
The malware has no single, defined propagation method. It spreads to targeted systems through phishing emails and through exploit kits such as Neutrino, Angler and RIG.
Rootkit
A rootkit is clandestine computer software designed to perform a wide range of malicious activities. This includes allowing hackers to steal passwords, and loading modules that make it easy to capture credit card or online banking information.
A rootkit can also give attackers the ability to disable security software and record keystrokes, simplifying theft for criminals.
There are five types of rootkits: hardware or firmware rootkits, bootloader rootkits, memory rootkits, application rootkits and kernel-mode rootkits.
Rootkits leverage phishing emails and infected mobile apps to propagate across systems.
Bootkit
A bootkit is an advanced form of rootkit that targets the Master Boot Record located on the physical motherboard of the computer.
A bootkit infection can cause system instability, resulting in a Blue Screen warning or an inability to launch the operating system.
Some bootkit infections may display a warning and demand a ransom to restore the computer to operational capacity.
Bootkits traditionally spread via bootable floppy disks and other bootable media. More recently they have been distributed bundled with a seemingly harmless software program, through phishing emails or via free downloads. A bootkit can also be installed from a malicious website that exploits vulnerabilities in the browser.
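As an added example that is not part of the original article, the following Python script shows one defensive check against the kind of boot-sector tampering a bootkit performs: it parses a 512-byte Master Boot Record (446 bytes of boot code, four 16-byte partition entries and the 0x55AA boot signature) and compares a SHA-256 of the boot code with a known-good baseline recorded from a clean install. The MBR used here is constructed in memory, and the function names and baseline handling are assumptions of this example. On a live system the same 512 bytes are read from the first sector of the boot disk (for example `\\.\PhysicalDrive0` on Windows or `/dev/sda` on Linux, with administrator privileges) and the baseline is stored somewhere the host cannot silently rewrite.

```python
import hashlib
import struct

# MBR layout: 446 bytes of boot code, 4 x 16-byte partition entries, 2-byte signature.
MBR_SIZE = 512
BOOT_CODE_LEN = 446
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Build a constructed 512-byte MBR for demonstration (not a real disk image)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    # One bootable (0x80) partition of type 0x07 starting at LBA 2048, 204800 sectors long.
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)   # remaining three entries left empty
    return code + table + BOOT_SIGNATURE


def read_mbr(path: str) -> bytes:
    """Read the first 512 bytes of a raw device or disk image (a live disk needs admin rights)."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into its boot code hash, partition table and signature status."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            PART_ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        if ptype == 0:          # type 0x00 marks an unused entry
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_boot_code(mbr: bytes, baseline_sha256: str) -> dict:
    """Compare the boot code hash against a known-good baseline taken from a clean install."""
    info = parse_mbr(mbr)
    info["boot_code_matches_baseline"] = info["boot_code_sha256"] == baseline_sha256
    return info


if __name__ == "__main__":
    # Constructed sample: record a baseline from a "clean" MBR, then flag a modified boot sector.
    clean = build_sample_mbr(b"CONSTRUCTED-SAMPLE-BOOT-CODE")
    baseline = parse_mbr(clean)["boot_code_sha256"]
    tampered = bytearray(clean)
    tampered[0:4] = b"TAMP"   # constructed change to the first bytes of the boot code
    for label, sample in (("clean", clean), ("tampered", bytes(tampered))):
        result = check_boot_code(sample, baseline)
        print(label,
              "signature_ok=%s" % result["signature_ok"],
              "matches_baseline=%s" % result["boot_code_matches_baseline"],
              "partitions=%d" % len(result["partitions"]))
```

A hash mismatch on the boot code, or a partition table whose bootable entry no longer points where the clean baseline did, is the signal to investigate; the 0x55AA signature alone proves nothing, since a bootkit keeps it intact so the machine still boots.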