

RegPhantom

According to Nextron Systems, RegPhantom is a stealthy Windows kernel rootkit designed to give attackers code execution in kernel mode while leaving very little visible evidence behind.

RegPhantom is a Windows malware family.

Background

Nextron Systems describes RegPhantom as a covert Windows kernel rootkit built to grant attackers kernel-mode code execution while leaving only minimal traces. It weaponizes the Windows registry as a hidden command channel: a user-mode process writes an encrypted command to the registry, and the driver intercepts that write and converts it into arbitrary code execution in kernel mode.
Source: Malpedia (Fraunhofer FKIE).