BEURK – Linux Userland Preload Rootkit

Keep on Guard!

BEURK is an userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection.

BEURK - Linux Userland Preload Rootkit

Being a userland rootkit it gives limited privileges (whatever the user has basically) vs a superuser or root level rootkit.


  • Hide attacker files and directories
  • Realtime log cleanup (on utmp/wtmp)
  • Anti process and login detection
  • Bypass unhide, lsof, ps, ldd, netstat analysis
  • Furtive PTY backdoor client




Enjoy !


The following packages are not required in order to build BEURK at the moment:

  • libpcap – to avoid local sniffing
  • libpam – for local PAM backdoor
  • libssl – for encrypted backdoor connection

You can download BEURK here:

Or read more here.

Posted in: Linux Hacking, Malware

, , , , , ,

Recent in Linux Hacking:
- BEURK – Linux Userland Preload Rootkit
- Linux Hacker Arrested After Traffic Stop
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Linux Hacking:
- Kon-Boot – Reset Windows & Linux Passwords - 142,039 views
- Russix – LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking - 127,418 views
- BackTrack v2.0 – Hackers LiveCD Finally Released - 101,706 views

Comments are closed.