The ability to remain installed and undetected makes Perfctl hard to fight.

Ars Technica is known for its  coverage of technology-related news and analysis, ranging from scientific breakthroughs to the latest gadgets and gaming developments. Readers can learn about emerging technologies, industry trends, and the societal impact of technological advancements through detailed articles and reviews.

Ars Technica

Thousands of Linux systems have been infected by a stealthy malware named Perfctl since 2021. Notable for exploiting over 20,000 common misconfigurations and a severe vulnerability in Apache RocketMQ (CVE-2023-33426), Perfctl uses advanced stealth tactics including rootkits, concealment of process and file names, and deletion of its binary post-installation to evade detection. It communicates over TOR and employs various methods to prevent detection by admin tools.

Thousands of Linux systems infected by stealthy malware since 2021

How The Callisto Protocol's Team Designed Its Terrifying, Immersive Audio