What is a Rootkit?

A rootkit is a piece of malware that serves as a toolkit, giving attackers access to your computer in various ways. It is named for having the most fundamental level of access, or "root" access, and for being a kit of tools.


The rootkit essentially opens a backdoor that lets the attackers access your machine on a consistent, repeated basis. This turns your computer into a resource to be used by the attackers as they see fit. They may use this access to install other malware, such as a keylogger, to attack you and your information. If there are a lot of other computers on the network, such as in a business environment, they may instead use your computer to attack those machines, using the rootkit on one machine to attempt to compromise others. Using these techniques, attackers can spread laterally through a network until they locate a target worth focusing on. Because rootkits have such low-level access, they can be difficult to remove, which is what the malicious actor is looking for.
