New Linux Rootkit "Curing" Exploits io_uring for Stealthy Attacks

Cybersecurity, Hacking, Rootkits, Linux

A new rootkit called "Curing" has been released by the company ARMO. It leverages io_uring, a feature built into the Linux kernel, to carry out malicious activity without being detected by many of the detection solutions currently on the market. The underlying issue is that many cybersecurity providers rely heavily on monitoring system calls. By using io_uring, attackers can bypass those monitored calls and establish network connections or manipulate files without triggering the usual alarms. The rootkit's code is available on GitHub.
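The gap described above leaves one signal intact: a process still has to enter the kernel through the io_uring syscalls themselves. The following added example (not from ARMO or the original article) flags non-allowlisted processes in auditd SYSCALL records; it assumes auditd is set to record those syscalls, and the log lines, the allowlist and the `/tmp/agent` path are constructed.

```python
import re
from collections import defaultdict

# io_uring syscall numbers (identical on x86_64 and aarch64).
IO_URING_SYSCALLS = {425: "io_uring_setup", 426: "io_uring_enter",
                     427: "io_uring_register"}

# Hypothetical allowlist: binaries expected to use io_uring on this host.
ALLOWED_EXES = {"/usr/sbin/nginx"}

# Constructed auditd records for illustration (not captured from a real host).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1714000000.101:901): arch=c000003e syscall=425 success=yes exit=3 pid=4120 comm="nginx" exe="/usr/sbin/nginx"
type=SYSCALL msg=audit(1714000003.412:917): arch=c000003e syscall=42 success=yes exit=0 pid=4388 comm="curl" exe="/usr/bin/curl"
type=SYSCALL msg=audit(1714000007.250:933): arch=c000003e syscall=425 success=yes exit=4 pid=5177 comm="agent" exe="/tmp/agent"
type=SYSCALL msg=audit(1714000007.251:934): arch=c000003e syscall=426 success=yes exit=1 pid=5177 comm="agent" exe="/tmp/agent"
type=PROCTITLE msg=audit(1714000007.251:934): proctitle="agent"
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one audit record into a dict of its key=value fields."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def find_io_uring_users(log_text, allowed=ALLOWED_EXES):
    """Return {(pid, exe): [io_uring syscalls seen]} for non-allowlisted binaries."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or not rec.get("syscall", "").isdigit():
            continue
        name = IO_URING_SYSCALLS.get(int(rec["syscall"]))
        if name and rec.get("pid", "").isdigit():
            seen[(int(rec["pid"]), rec.get("exe", "?"))].add(name)
    return {k: sorted(v) for k, v in seen.items() if k[1] not in allowed}


if __name__ == "__main__":
    for (pid, exe), calls in find_io_uring_users(SAMPLE_LOG).items():
        print(f"pid={pid} exe={exe} used {', '.join(calls)}")
```

The `connect` call from `curl` (syscall 42) is ignored because it is not an io_uring entry point; only the ring setup and submission calls are counted.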