H3xduck / Umbra: Versions

An LKM rootkit targeting 4.x and 5.x kernel versions. It opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.

v0.4.0

2 years ago

Changelog:

Incorporated the so-called Umbra Modules:

  • Umbra modules: malware-like extensions for Umbra which can be triggered via the Umbra Injector.
  • The rootkit backdoor now listens for the new injector requests accordingly.

Ransom: A ransomware-like module

  • New Umbra Module "Ransom", a trivial ransomware program using a simple (very bad) encryption algorithm.
  • Ransom can be used to encrypt or decrypt a whole directory (recursively, including subdirectories) remotely.
  • Encrypted files appear as .ubr files.

Other changes

  • Added a script for installing Umbra and configuring the environment.
  • New explanatory gifs on the README and updated other parts.
  • Minor fixes.

v0.3.0

3 years ago

Changelog:

Added stealth capabilities for Umbra

  • New hooks so that the user can no longer see any Umbra file or directory via ls or similar commands.
  • New signals to toggle Umbra's visibility to lsmod and similar commands. Umbra can no longer be removed by rmmod while in invisible mode.
  • Improvements to the backdoor: new payloads are recognized for the new functionality of the Umbra Injector.
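A host-side check for the two kinds of hiding listed above, added here as an example; it is not part of Umbra or its tooling. An LKM that unlinks itself from the kernel's module list disappears from /proc/modules (and therefore from lsmod), but its symbols usually stay tagged in /proc/kallsyms and its /sys/module entry usually remains, so the three views can be cross-checked. For hidden directories, filesystems that maintain directory link counts (ext4, xfs) report nlink = 2 + number of subdirectories, which a hooked readdir() cannot change. The sample inputs are constructed, and the module name "umbra" is an assumption (the page does not give the real one).

```python
import os
import re
from typing import Dict, Iterable, Set


def modules_from_proc(text: str) -> Set[str]:
    """Module names from /proc/modules, the file lsmod reads; each line starts with the name."""
    return {line.split()[0] for line in text.splitlines() if line.split()}


# "<addr> <type> <symbol>\t[<module>]" -- only symbols that belong to a module carry the tag.
_KALLSYMS_MODULE_TAG = re.compile(r"^\S+\s+\S\s+\S+\s+\[([^\]]+)\]\s*$")


def modules_from_kallsyms(text: str) -> Set[str]:
    """Module names tagged on module symbols in /proc/kallsyms.
    With kptr_restrict the addresses read as zeros, but the tags remain."""
    names = set()
    for line in text.splitlines():
        m = _KALLSYMS_MODULE_TAG.match(line)
        if m:
            names.add(m.group(1))
    return names


def hidden_module_candidates(proc_modules: str, sysfs_entries: Iterable[str],
                             kallsyms: str) -> Dict[str, Set[str]]:
    """Cross-check the three views.
    'strong': has symbols tagged in kallsyms but no /proc/modules line.
    'weak':   only a /sys/module entry without a /proc/modules line; built-in code
              with module parameters also produces this, so it is a lead, not proof."""
    visible = modules_from_proc(proc_modules)
    tagged = modules_from_kallsyms(kallsyms)
    in_sysfs = set(sysfs_entries)
    return {"strong": tagged - visible, "weak": (in_sysfs - visible) - tagged}


def scan_live_modules() -> Dict[str, Set[str]]:
    """Same check against the running kernel (Linux only; root not required)."""
    with open("/proc/modules") as f:
        proc = f.read()
    with open("/proc/kallsyms") as f:
        ks = f.read()
    return hidden_module_candidates(proc, os.listdir("/sys/module"), ks)


def hidden_subdir_count(st_nlink: int, visible_subdirs: int) -> int:
    """On ext4/xfs-style filesystems a directory's link count is 2 + subdirectories.
    A positive result means readdir() showed fewer subdirectories than the inode
    says exist. Returns 0 where the filesystem does not keep the count (nlink < 2,
    e.g. btrfs or overlayfs), so the heuristic is skipped rather than misreported."""
    if st_nlink < 2:
        return 0
    return max(0, st_nlink - 2 - visible_subdirs)


def scan_directory(path: str) -> int:
    """Apply the link-count heuristic to a real directory (uses the same getdents
    path a rootkit hooks, which is exactly why the count and the listing may differ)."""
    visible = sum(1 for e in os.scandir(path) if e.is_dir(follow_symlinks=False))
    return hidden_subdir_count(os.lstat(path).st_nlink, visible)


# Constructed sample inputs (not captured from a real host); "umbra" is an assumed name.
SAMPLE_PROC_MODULES = """\
nf_conntrack 172032 1 nf_nat, Live 0xffffffffc05a0000
ext4 737280 1 - Live 0xffffffffc0400000
"""
SAMPLE_SYSFS = ["ext4", "nf_conntrack", "umbra", "printk"]  # printk: built-in, has parameters
SAMPLE_KALLSYMS = """\
0000000000000000 t nf_ct_get_tuple\t[nf_conntrack]
0000000000000000 T ext4_mount\t[ext4]
0000000000000000 t hooked_kill\t[umbra]
0000000000000000 T _stext
"""

if __name__ == "__main__":
    print(hidden_module_candidates(SAMPLE_PROC_MODULES, SAMPLE_SYSFS, SAMPLE_KALLSYMS))
    print("hidden subdirs in /tmp:", scan_directory("/tmp"))
```

Both checks are heuristics: a rootkit can also scrub its kallsyms tags and sysfs entry, and the link-count trick only works on filesystems that maintain the count. A disagreement between views is a reason to image the box and inspect it from trusted media or memory, not a verdict on its own.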

Major update of the Umbra Injector

  • A reverse shell can now be obtained remotely with the client alone; there is no longer any need to start a separate netcat listener.
  • New modes: hiding/unhiding the rootkit remotely.
  • New getopt system, with a help manual.

v0.2.0

3 years ago

Changelog:

Incorporated a network backdoor which spawns a reverse shell to a remote host when it receives a malicious TCP packet.

  • Added netfilter hooks.
  • Module for processing network packets.

Added a client to trigger the backdoor remotely.

  • Using my library RawTCP.
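The packet-level exchange behind the two items above (the netfilter-hooked packet processor on the rootkit side and the raw-TCP client that triggers it), modelled in userspace as an added example. This is not Umbra's code and not the RawTCP library: the trigger marker, its command syntax and the destination port are assumptions, since the page does not specify the real payload. What is faithful is the shape of the work a hook must do: locate the TCP payload through the IP header length and the TCP data offset, compare it against a trigger, and decide on a netfilter verdict.

```python
import struct
from typing import Optional, Tuple

# Assumed trigger format (not the project's real one): "<marker><op> <arg>..." to TRIGGER_PORT.
TRIGGER_MARKER = b"UMBRA-TRIGGER:"
TRIGGER_PORT = 443


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int,
                   payload: bytes, tcp_options: bytes = b"") -> bytes:
    """Assemble an IPv4/TCP packet the way a raw-socket client would.
    Checksums are left zero: the kernel rewrites the IP checksum on send, and
    the hook below never validates either, which is what makes a raw trigger cheap."""
    if len(tcp_options) % 4:
        tcp_options += b"\x00" * (4 - len(tcp_options) % 4)  # options pad to 32-bit words
    data_offset = (20 + len(tcp_options)) // 4
    tcp_header = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                             data_offset << 4, 0x18, 65535, 0, 0) + tcp_options  # PSH|ACK
    total_len = 20 + len(tcp_header) + len(payload)
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, 6, 0,
                            ip_to_bytes(src), ip_to_bytes(dst))  # IHL=5, DF, TTL 64, proto TCP
    return ip_header + tcp_header + payload


def parse_ipv4_tcp(pkt: bytes) -> Optional[Tuple[str, str, int, int, bytes]]:
    """Return (src, dst, sport, dport, payload), or None if not well-formed IPv4/TCP.
    Honouring IHL and the TCP data offset matters: a hook that assumes 20-byte
    headers reads the wrong bytes on any packet carrying IP or TCP options."""
    if len(pkt) < 20:
        return None
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        return None
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    sport, dport, _seq, _ack, off = struct.unpack("!HHIIB", pkt[ihl:ihl + 13])
    doff = (off >> 4) * 4
    if doff < 20 or len(pkt) < ihl + doff:
        return None
    # Trust total_len only when it is plausible; it trims link-layer padding.
    end = total_len if ihl + doff <= total_len <= len(pkt) else len(pkt)
    return bytes_to_ip(src), bytes_to_ip(dst), sport, dport, pkt[ihl + doff:end]


def trigger_command(pkt: bytes) -> Optional[dict]:
    """What the backdoor side would extract from a trigger packet, or None."""
    parsed = parse_ipv4_tcp(pkt)
    if parsed is None:
        return None
    src, _dst, _sport, dport, payload = parsed
    if dport != TRIGGER_PORT or not payload.startswith(TRIGGER_MARKER):
        return None
    words = payload[len(TRIGGER_MARKER):].decode("ascii", "replace").split()
    if not words:
        return None
    return {"attacker": src, "op": words[0], "args": words[1:]}


def hook_verdict(pkt: bytes) -> str:
    """Mirror of a netfilter hook's return value: a trigger is swallowed with NF_DROP
    so it never reaches a socket and no service on that port logs it; all other
    traffic passes untouched so the host keeps behaving normally."""
    return "NF_DROP" if trigger_command(pkt) is not None else "NF_ACCEPT"


if __name__ == "__main__":
    # Constructed packets: an assumed trigger and a benign request on the same port.
    trigger = build_ipv4_tcp("10.0.0.5", "192.168.1.20", 40000, TRIGGER_PORT,
                             TRIGGER_MARKER + b"revshell 10.0.0.5 4444")
    benign = build_ipv4_tcp("10.0.0.6", "192.168.1.20", 40001, TRIGGER_PORT, b"GET / HTTP/1.1\r\n")
    for p in (trigger, benign):
        print(hook_verdict(p), trigger_command(p))
```

Because the hook drops the trigger at the netfilter layer, nothing listening on the port sees it, but AF_PACKET taps (tcpdump, Zeek) run before netfilter on receive and still capture it; on a suspect host, packet capture rather than socket-level logs is where a trigger like this shows up.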

Other changes

  • Updated README and added examples.
  • Fixed some bugs.

v0.1.0

3 years ago

Changelog:

  • Added ftrace hooks for kill.
  • Privilege escalation for kill signals.
  • Netcat reverse shell added.
  • Start reverse shell with kill signal.
  • Created functional LKM.
  • In general, just added all base code for the project.