It'll be done when it's done
Midas is malware written for experimental purposes. It is nothing groundbreaking or special, and its plan is likely to be foiled by common security measures. However, I have relatively few security measures on my computer, so it would likely work there, which means it is not worthless either.
Here's how it works:
- gain persistence via `systemctl --user`
- wait for the user to run `sudo`
- process-inject that `sudo` process to use its privileges and run code as root
- extract the kernel module it carries from its own binary
- insert that module, which will do the following:
  - hide itself (syscall hijacking)
  - create, maintain, and hide a daemon
  - clean up the old `systemctl --user` evidence
- you now have a rootkit on your system
There are lots of places this process can go wrong:
- the `ptrace` interface is restricted (Yama `ptrace_scope` is 1 or higher by default on many distributions, but it is sometimes relaxed)
- kernel modules need to be signed (very situational)
- injecting into `sudo` is harder than it sounds regardless of `ptrace_scope`: `sudo` is setuid root, an unprivileged tracer cannot `PTRACE_ATTACH` to a process running with effective uid 0, and a setuid `execve` performed under an unprivileged tracer does not gain privileges
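As an added example (this is not part of Midas and not the project's own code), here is a POSIX shell audit script that reports the host-side settings the plan above and the list of failure points both depend on: Yama `ptrace_scope`, module signature enforcement, the lockdown LSM mode, and enabled per-user systemd services. It reads only the standard kernel interfaces (`/proc/sys/kernel/yama/ptrace_scope`, `/sys/module/module/parameters/sig_enforce`, `/sys/kernel/security/lockdown`) and assumes `systemctl` is available for the persistence check; the function names are my own.

```shell
#!/bin/sh
# Added example (not part of Midas): audit the host settings that decide
# whether the plan above would even start. Reads only standard kernel
# interfaces: Yama's ptrace_scope sysctl, the module signature-enforcement
# parameter, the lockdown LSM mode, and enabled user-level systemd units.

# Yama ptrace_scope semantics (Documentation/admin-guide/LSM/Yama.rst).
ptrace_scope_status() {
    case "$1" in
        0) echo "permissive: any process of the same uid may PTRACE_ATTACH" ;;
        1) echo "restricted: only a descendant may be traced (PR_SET_PTRACER aside)" ;;
        2) echo "admin-only: tracer needs CAP_SYS_PTRACE" ;;
        3) echo "disabled: no PTRACE_ATTACH at all" ;;
        absent) echo "Yama not present: only the uid/dumpable checks apply" ;;
        *) echo "unknown value: $1" ;;
    esac
}

# True when this ptrace_scope value stops a non-root injector that is not the
# target's ancestor (the case for a process started by systemctl --user).
ptrace_blocks_injection() {
    case "$1" in
        1|2|3) return 0 ;;
        *) return 1 ;;
    esac
}

# /sys/module/module/parameters/sig_enforce reads Y when unsigned modules are refused.
modsig_enforced() {
    case "$1" in
        Y|y) return 0 ;;
        *) return 1 ;;
    esac
}

# /sys/kernel/security/lockdown looks like "[none] integrity confidentiality";
# the bracketed word is the active mode. integrity or confidentiality also
# refuses unsigned modules, even when sig_enforce reads N.
lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# $1 = sig_enforce value, $2 = lockdown file contents.
unsigned_modules_blocked() {
    if modsig_enforced "$1"; then return 0; fi
    case "$(lockdown_mode "$2")" in
        integrity|confidentiality) return 0 ;;
        *) return 1 ;;
    esac
}

# Read a kernel file, or a fallback string when it does not exist here.
read_or() {
    if [ -r "$1" ]; then cat "$1"; else printf '%s\n' "$2"; fi
}

audit() {
    scope=$(read_or /proc/sys/kernel/yama/ptrace_scope absent)
    sig=$(read_or /sys/module/module/parameters/sig_enforce absent)
    lockdown=$(read_or /sys/kernel/security/lockdown absent)

    echo "ptrace_scope: $scope ($(ptrace_scope_status "$scope"))"
    if ptrace_blocks_injection "$scope"; then
        echo "  -> injection from a user service would fail"
    else
        echo "  -> injection not blocked by Yama (setuid/uid checks still apply)"
    fi

    echo "module sig_enforce: $sig, lockdown: $lockdown"
    if unsigned_modules_blocked "$sig" "$lockdown"; then
        echo "  -> an unsigned module would be refused"
    else
        echo "  -> an unsigned module would load (given root)"
    fi

    # Persistence surface the plan relies on: enabled per-user services.
    if command -v systemctl >/dev/null 2>&1; then
        echo "enabled user services:"
        systemctl --user list-unit-files --type=service --state=enabled --no-legend 2>/dev/null \
            || echo "  (no user manager reachable)"
    fi
}

audit
```

Run it as the ordinary user whose session the malware would live in; a `ptrace_scope` of 1 and either `sig_enforce` Y or an `integrity` lockdown mode each close one of the steps above on their own, and the last section shows exactly the `systemctl --user` units an incident responder would want to diff against a known-good list.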
THIS EXISTS FOR E X P E R I M E N T A L PURPOSES ONLY
SEE LICENSE AND HOW OVER THE TOP CYBERCRIME PUNISHMENTS ARE