
Rootkit

Malware that hides its presence deep in the operating system — kernel, bootloader or firmware — to maintain stealthy, persistent control.

A rootkit is malware engineered for stealth and persistence. By burrowing into privileged layers (the kernel, bootloader, hypervisor or even firmware) it sits below the interfaces the operating system uses to report on itself, so files, processes, kernel modules and network connections can be filtered out of what the OS and the security tools built on it are allowed to see. That lets an attacker stay resident, often for years.

Why they're dangerous

Rootkits sit beneath the very tools meant to detect them: a kernel-mode implant can alter what process listings, directory walks and socket tables return, so a host-based agent only sees what the attacker permits. State-grade implants like Snake used kernel-level rootkits to run global espionage networks largely undetected. Bootkits, which load before the OS, survive a reinstall of the operating system; firmware implants survive a disk swap as well, because they live outside the disk entirely.

Defense

Each layer a rootkit can hide in needs its own control. Secure Boot refuses to run unsigned boot components; measured boot records a hash of every component into the TPM before it runs, so a modified bootloader shows up at attestation even if it hides itself from the OS afterwards. Kernel driver allowlisting (and driver signature enforcement) blocks the usual kernel-mode entry point; firmware integrity checks compare the running firmware against a known-good image. When a host is suspected, inspect it offline or from a separate trusted system: you usually can't trust a rootkitted machine to report on itself.
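The measured-boot check described above, as an added example that is not part of the original page: a verifier replays a boot event log through the TPM extend operation (new PCR = SHA-256(old PCR || event digest)) and compares the result against the PCR values the TPM itself reports, then against recorded known-good values. The event data, the golden boot chain and the helper names (`Event`, `replay`, `check_boot`, the `scenario_*` functions) are all constructed for this illustration; a real TCG event log is a binary structure and the quoted PCRs arrive inside a signed TPM quote, both of which are left out here.

```python
import hashlib
from dataclasses import dataclass

PCR_SIZE = 32  # SHA-256 PCR bank; PCRs 0-16 start as all zeros


@dataclass(frozen=True)
class Event:
    pcr: int           # PCR index the component was measured into
    description: str   # human-readable label (constructed)
    data: bytes        # bytes that were measured (constructed stand-in for a real image)


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr_value: bytes, event_digest: bytes) -> bytes:
    """TPM PCR extend: one-way and order-sensitive, so a PCR can only be
    driven to a given value by replaying exactly the same sequence."""
    return hashlib.sha256(pcr_value + event_digest).digest()


def replay(events, pcr_count: int = 24) -> dict:
    """Recompute every PCR from an event log, as an attestation verifier does."""
    pcrs = {i: bytes(PCR_SIZE) for i in range(pcr_count)}
    for ev in events:
        pcrs[ev.pcr] = extend(pcrs[ev.pcr], digest(ev.data))
    return pcrs


# Constructed "known-good" boot chain: firmware -> bootloader -> Secure Boot state.
GOLDEN_BOOT = [
    Event(0, "UEFI firmware volume", b"fw-1.2.3"),
    Event(4, "EFI bootloader", b"bootx64.efi"),
    Event(7, "SecureBoot=1", b"\x01"),
]
CHECKED_PCRS = (0, 4, 7)


def golden_pcrs() -> dict:
    """Values an operator would record once from a trusted build of the host."""
    return replay(GOLDEN_BOOT)


def quote_for(events) -> dict:
    """Stand-in for a TPM quote: the PCRs as the hardware actually accumulated them."""
    real = replay(events)
    return {i: real[i] for i in CHECKED_PCRS}


def check_boot(event_log, quoted: dict, golden: dict):
    """Returns (log_consistent_with_tpm, pcrs_that_differ_from_golden).
    A False first element means the log was tampered with after the fact;
    a non-empty second element means something other than the golden chain ran."""
    replayed = replay(event_log)
    log_ok = all(replayed[i] == quoted[i] for i in quoted)
    deviating = sorted(i for i in quoted if quoted[i] != golden[i])
    return log_ok, deviating


BOOTKIT_BOOT = [GOLDEN_BOOT[0],
                Event(4, "EFI bootloader", b"bootx64.efi+bootkit"),  # constructed tampered loader
                GOLDEN_BOOT[2]]


def scenario_clean():
    """Honest log, untouched boot chain."""
    return check_boot(GOLDEN_BOOT, quote_for(GOLDEN_BOOT), golden_pcrs())


def scenario_bootkit():
    """Bootkit replaced the loader; log is honest, so only PCR 4 deviates."""
    return check_boot(BOOTKIT_BOOT, quote_for(BOOTKIT_BOOT), golden_pcrs())


def scenario_forged_log():
    """Bootkit ran, then rewrote the event log to look golden. The TPM's
    PCR 4 still reflects what really executed, so replay no longer matches."""
    return check_boot(GOLDEN_BOOT, quote_for(BOOTKIT_BOOT), golden_pcrs())


if __name__ == "__main__":
    for name, fn in (("clean", scenario_clean), ("bootkit", scenario_bootkit),
                     ("forged log", scenario_forged_log)):
        log_ok, deviating = fn()
        print(f"{name:11s} log consistent={log_ok} deviating PCRs={deviating}")
```

The point of the third scenario is why measured boot helps against a rootkit specifically: the implant can lie to the operating system, and it can edit a log file, but it cannot roll a PCR back, so a verifier that compares the quote to both the log and the golden values catches either form of tampering.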

Malware in this category