// THREAT DETECTION AND DATA PRIVACY TERM
Rootkit
A rootkit is a type of malicious software designed to hide its own existence and the presence of other malware on a computer. This allows an attacker to maintain persistent, privileged access to a system while remaining undetected.

TECHNICAL DEFINITION
A rootkit is a clandestine software collection, a form of malware, that grants an attacker persistent, privileged (root-level) access to a compromised computer system by actively concealing its processes, files, and system data from detection by security software and system administrators, often by modifying the operating system kernel or firmware.
BACKGROUND
Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- stealth malware
- kernel-level malware
- concealment software
- system subverter
- backdoor kit
- bootkit
USAGE NOTE
Because they operate at a very low level of the system, rootkits are notoriously difficult to detect and remove, often requiring specialized tools or a complete system wipe.
DEVELOPERS
Organizations developing technology related to Rootkit.
A cybersecurity technology company that provides cloud-native endpoint security. Its Falcon platform uses behavioral analysis and artificial intelligence to detect and prevent sophisticated threats, including fileless malware and kernel-level rootkits, without relying on traditional signatures.
Now part of Google Cloud, Mandiant is a leader in incident response and threat intelligence. The company specializes in investigating and remediating complex cyberattacks, many of which involve advanced persistent threats (APTs) that deploy rootkits to maintain long-term, hidden access to compromised systems.
A global cybersecurity company that develops a wide range of security software. Its research division, the Global Research and Analysis Team (GReAT), is renowned for discovering and dissecting some of the most complex malware, including infamous rootkits like TDSS/TDL4.
An IT security company that offers anti-virus and firewall products. ESET researchers are known for their discovery and analysis of firmware-level threats, including the first-ever UEFI rootkit found in the wild, known as Lojax.
Formed from the merger of McAfee Enterprise and FireEye, Trellix provides extended detection and response (XDR) solutions. The company's technology and threat intelligence teams focus on detecting stealthy and persistent malware, including rootkits used in state-sponsored attacks.
A Romanian cybersecurity technology company providing endpoint security solutions. Bitdefender's products incorporate advanced anti-rootkit technologies designed to detect and remove malicious programs that hide their presence on a system's operating system.
A security software and hardware company that develops products for communication endpoint, encryption, network security, and unified threat management. SophosLabs, its threat research arm, actively analyzes malware and develops technologies to detect and block rootkit behavior.
A multinational cybersecurity company whose core products include advanced firewalls and cloud-based offerings. Its Cortex XDR platform is designed to identify and stop sophisticated attacks by analyzing data from any source, enabling the detection of rootkit activity and other stealthy techniques.