hidden_kernel_module - a hidden Linux kernel module was detected.
An event marking that a loaded hidden kernel module was detected on your system. The event provides a strong indication that your system is compromised. The check for hidden modules runs periodically.
const char*[K] - the memory address of the hidden kernel module.
const char*[K] - the name of the hidden kernel module.
Self-triggered hook by uprobing itself.
Example Use Case
./tracee -e hidden_kernel_module
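
Because the check runs periodically, the same hidden module can be reported many times. The following triage script is an added example, not part of the Tracee project: it collapses repeated `hidden_kernel_module` events into one finding per host and module. It assumes JSON-lines output with `eventName`, `hostName`, `timestamp` and an `args` list of name/type/value objects; the argument names `address` and `name` and all sample values are constructed for illustration.

```python
import json
import sys

EVENT = "hidden_kernel_module"

# Constructed sample of JSON-lines event output (assumed field layout);
# the host, address and module name below are made up.
SAMPLE = """\
{"timestamp":1700000000000000000,"hostName":"node-a","eventName":"sched_process_exec","args":[{"name":"pathname","type":"const char*","value":"/usr/bin/ls"}]}
{"timestamp":1700000001000000000,"hostName":"node-a","eventName":"hidden_kernel_module","args":[{"name":"address","type":"const char*","value":"0xffffffffc0a51000"},{"name":"name","type":"const char*","value":"example_mod"}]}
not-json noise line
{"timestamp":1700000031000000000,"hostName":"node-a","eventName":"hidden_kernel_module","args":[{"name":"address","type":"const char*","value":"0xffffffffc0a51000"},{"name":"name","type":"const char*","value":"example_mod"}]}
"""


def hidden_module_findings(lines):
    """Collapse periodic re-reports into one finding per (host, event args)."""
    findings = {}
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate log noise interleaved with events
        if not isinstance(ev, dict) or ev.get("eventName") != EVENT:
            continue
        # Flatten the args list into a dict without assuming which args exist.
        args = {str(a.get("name")): a.get("value")
                for a in ev.get("args") or [] if isinstance(a, dict)}
        host = ev.get("hostName")
        key = (host, json.dumps(args, sort_keys=True, default=str))
        ts = ev.get("timestamp")
        f = findings.setdefault(key, {"host": host, "args": args,
                                      "first_seen": ts, "last_seen": ts,
                                      "count": 0})
        f["count"] += 1
        f["last_seen"] = ts
    return list(findings.values())


if __name__ == "__main__":
    # Read piped events from stdin, or fall back to the constructed sample.
    src = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for f in hidden_module_findings(src):
        print(f"{f['host']}: {f['args']} seen {f['count']}x "
              f"({f['first_seen']} .. {f['last_seen']})")
```

To use it on live data, pipe the command above with JSON output enabled (`-o json`) into the script.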