
Researchers Develop Curing Rootkit to Bypass Traditional Linux Detection Systems
Researchers from Armo have created a proof-of-concept (PoC) rootkit called Curing, which leverages the Linux io_uring feature to bypass traditional system call monitoring. They demonstrated that Curing uses io_uring, the asynchronous I/O mechanism of Linux, to perform various tasks without using syscalls, making it difficult for traditional monitoring systems to detect.
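For defenders, a starting point is knowing which processes hold an io_uring instance at all. The following is an added example, not code from the article or from Armo: it reads the `kernel.io_uring_disabled` sysctl (Linux 6.6 and later) and lists processes whose file descriptors resolve to `anon_inode:[io_uring]`. The function names and the sample process tree are hypothetical and constructed for illustration.

```python
import os

RING_LINK = "anon_inode:[io_uring]"  # readlink target of an io_uring fd

def io_uring_policy(proc_root="/proc"):
    """kernel.io_uring_disabled: 0 = all, 1 = privileged only, 2 = off; None if absent."""
    try:
        with open(os.path.join(proc_root, "sys/kernel/io_uring_disabled")) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def find_ring_holders(proc_root="/proc"):
    """Return {pid: [fd, ...]} for every process holding an io_uring fd."""
    holders = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            names = os.listdir(fd_dir)
        except OSError:  # process exited, or not enough privilege to inspect it
            continue
        rings = []
        for name in names:
            try:
                if os.readlink(os.path.join(fd_dir, name)) == RING_LINK:
                    rings.append(int(name))
            except OSError:  # fd closed between listdir and readlink
                continue
        if rings:
            holders[int(entry)] = sorted(rings)
    return holders

def build_sample_proc(root):
    """Constructed /proc-like tree: pid 101 has no ring, pid 202 holds one on fd 5."""
    layout = {"101": {"0": "/dev/null", "3": "socket:[4211]"},
              "202": {"0": "/dev/null", "5": RING_LINK}}
    for pid, fds in layout.items():
        os.makedirs(os.path.join(root, pid, "fd"))
        for fd, target in fds.items():
            os.symlink(target, os.path.join(root, pid, "fd", fd))
    os.makedirs(os.path.join(root, "sys/kernel"))
    with open(os.path.join(root, "sys/kernel/io_uring_disabled"), "w") as fh:
        fh.write("0\n")

if __name__ == "__main__":
    print("io_uring_disabled =", io_uring_policy())
    print(find_ring_holders())
```

The result is a point-in-time snapshot and needs root to see other users' descriptors; on hosts where no workload needs io_uring, setting the sysctl to 2 removes the interface entirely.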