BEURK – Linux Userland Preload Rootkit

BEURK is a userland preload rootkit for GNU/Linux, heavily focused on anti-debugging and anti-detection.

Because it is a userland rootkit, it operates with limited privileges (essentially whatever the user has), unlike a superuser or root-level rootkit.


  • Hide attacker files and directories
  • Realtime log cleanup (on utmp/wtmp)
  • Anti process and login detection
  • Bypass unhide, lsof, ps, ldd, netstat analysis
  • Furtive PTY backdoor client






The following packages are not required in order to build BEURK at the moment:

  • libpcap – to avoid local sniffing
  • libpam – for local PAM backdoor
  • libssl – for encrypted backdoor connection

You can download BEURK here:

Or read more here.
