What is a rootkit software?

A rootkit is a stealthy kind of software, generally malicious, designed to conceal the existence of certain programs or processes from normal detection methods and allow continued privileged access to a computer. Malware architects use rootkits to hide malware on a computer. Malware hidden by rootkits often screen, filter and steal data or abuse a computer’s resources, including using a PC for Bitcoin mining.

A rootkit is a collection of tools that allows administrator-level access to a system or computer network. The word "rootkit" is a concatenation of “root” (the original name of the privileged account on Unix operating systems) and the term “kit” (which refers to the software aspects that implement the tool). The word “rootkit” has a negative connotation because of its relationship with malware. It consists of spyware and other programs that monitor traffic and keystrokes, creating a “backdoor” into the system for a hacker’s use.

Rootkit installation may either be automated, or an attacker may install it once he has acquired root or administrator access. Acquisition of this access is a product of direct attack on a system or a password through cracking or social engineering. Installation makes it possible to hide the intrusion and also maintain privileged access. Full control over a system implies that the current software can be changed, including software that may be used in detecting or circumventing it.