A rootkit is a type of malware that allows cybercriminals to gain remote, unauthorized access to a computer without the owner’s knowledge. Using a malicious software bundle, hackers can gain total control over a device, allowing them to spy on the user, modify admin-level settings, and put personal data at risk.

The term “rootkit” comes from Unix and Linux operating systems, where the highest-level administrator account is called “root”, and the “kit” is the set of malicious tools used to gain access to a device.

Alarmingly invasive and notoriously difficult to detect, a rootkit is the stealthiest tool in a hacker’s toolbox. 

How do they work?

Rootkits are commonly delivered via phishing scams, which cause a target to download and install the malware onto a local computer. Rootkits can also be hidden in seemingly trustworthy files, including PDFs, pirated media, and unverified third-party apps. Often, hackers will directly target vulnerable devices, getting in through an outdated operating system or software with little or no security features.

Once the rootkit has been planted, it nestles deep into the software near the core of the operating system. This makes it difficult for the victim to detect – and easy for a hacker to launch commands on the computer to initiate an attack. 

What can they do?

Hackers often use rootkits to access computers for use in botnets, which are then used both to circulate spam and to mount DDoS (distributed denial of service) attacks.

Rootkits are also used to steal personal data. With the rootkit settled comfortably in your device, the hacker can silently track your everyday usage and keystrokes. This gives them access to anything you do on your computer as well as your passwords, credit card numbers and banking information.

Rootkits also allow hackers to eavesdrop on your real-time conversations and read your incoming and outgoing email and your SMS messages. The motivation: pounce on any personally identifiable information that gets typed in during the course of your day-to-day life.

What are the signs?

  • Your system is acting strangely, including unexpected reboots, unrecognized bookmarks or unexpected link redirections. A rootkit may be trying to manipulate your computer’s OS. There may be someone actively mucking about. Regardless, if you see something, say something because it really could be something bad. 
  • Your settings have changed. This could be as simple as a screensaver, a task bar disappearing, or an incorrect date and time display. These are all signs that a rootkit is meddling with your preferences. 
  • Your internet service is unusually spotty. If a hacker is using a rootkit to send or receive high traffic from your computer, it could be bogging down your connection. 

What do I do if I have one?

Rootkit removal is difficult. They can outsmart basic security protections by deactivating and tampering with legitimate security and anti-virus programs, and even create a permanent cyber security “backdoor” into your system, which allows a hacker to come and go as they please. 

Running sophisticated rootkit removal software or performing boot-time scans may be effective. Unfortunately, the only option is often to reset the compromised system by wiping your device and reinstalling your OS. 


Sometimes the worst villains hide in plain sight, and they can be very well hidden. Rootkits are clandestine cyberattacks, known for their ability to conceal their presence within an infected system and operate unnoticed by the victim.

Be wary of unknown files, links, and downloads that may slip rootkits into your device. Never open attachments from unknown senders, and keep software updated. 

It’s hard to catch something designed to stay hidden. Stay alert for weird behavior on your device, a slowed internet connection, or surprising changes to your settings.