A Linux process is a running instance of a program. Linux operating systems are complete time-sharing systems. In other words, Linux is multitasking and multi-user systems. Malware and viruses are attacking Linux with the growing popularity of Linux based routers, phones, and other IoT devices. Linux kernel process masquerading is sometimes used by malware to hide when it is running. Let’s go over how you can unmask a piece of Linux malware using this tactic.
How to delete malware in Linux kernel process
From the blog post:
On Linux, the kernel has many threads created to help with system tasks. These threads can be for scheduling, disk I/O, and so forth.
When you use a standard process listing command, such as ps, these threads will show up as having [brackets] around them to denote that they are threads of some kind. Ordinary processes will not normally show up with [brackets] around them in the ps listing. The brackets denote that the process has no command-line arguments, which usually means it was spawned as a thread.