Have you ever tried to do something on your computer, only to get a pop-up that says you need administrator privileges to complete the action? That’s because there are certain actions or changes that should only be made by the computer’s owner or a trained computer professional. Over the years, different types of malicious software (“malware”) have found ways of getting around those permission blocks. Rootkits, in particular, are a kind of malware that gives cybercriminals access to parts of a victim’s computer or software that they would not otherwise have.
Once a rootkit is on your machine, it can allow attackers full access to your computer, track and report on everything you do on the computer, install programs without your consent, modify legitimate programs you installed, hijack your system resources, and much more. The trouble with rootkits is that they can use their admin privileges to hide themselves and other malware, like keyloggers, from software that could catch them, such as antivirus programs. Not only are they difficult to detect, but this ability to hide themselves also makes them difficult to remove.
Possible symptoms of a rootkit infection include, but are not limited to, the following: your antivirus/antimalware software stops working for no reason that you can see; Windows® settings change on their own; pinned items in your taskbar or background images change or disappear on their own; you notice a lot of network traffic coming from your computer even when it’s idle.
A rootkit won’t spontaneously appear on your computer. Typically, rootkits end up there by piggybacking on a file you’re trying to download. This is yet another reason we and other security companies recommend you only download files, apps, images, music, movies, etc. from legitimate, trusted sources, and exercise extreme caution when opening links or downloads sent to you via email, social media, or other messaging platforms. Even if the sender is a close friend or family member, it’s tough to be sure their account isn’t being spoofed or used to spread malware.