New Moriya rootkit used in the wild to backdoor Windows systems
Experts have discovered a new rootkit used in attacks on Windows systems. They dubbed the malicious campaign TunnelSnake and believe it has been active since at least 2018.
Kaspersky Lab specialists named the new rootkit Moriya. The malware also acts as a backdoor, allowing operators to spy on victims without being detected by antivirus programs.
With the help of Moriya, threat actors could capture and analyze incoming traffic; to do this, the malware gains access to the Windows kernel's address space. In addition, the rootkit allows operators to send commands to the infected host. The backdoor receives instructions in the form of specially crafted packets hidden within the victim's network traffic.
Source: anti-malware.ru
07 May 2021