A rootkit is a piece of software that hides programs or processes running on a computer. It is often used to conceal computer misuse or data theft.

A significant proportion of current malware installs rootkits upon infection to hide its activity.

A rootkit can hide keystroke loggers or password sniffers, which capture confidential information and send it to hackers via the internet. It can also allow hackers to use the computer for illicit purposes (e.g., launching a denial-of-service attack against other computers, or sending out spam mail) without the user’s knowledge.

Endpoint security products now often detect and remove rootkits as part of their standard anti-malware routines, although some rootkits require a standalone removal tool to effectively remove them.