Umbreon is a so-called ring 3 rootkit that runs from user mode and doesn’t need kernel privileges. It uses a trick to hijack the standard C library (libc) functions without installing any kernel objects. The rootkit also creates a hidden Linux account that can be accessed via any authentication method supported by Linux, including SSH (Secure Shell) Researchers say it’s hard to detect using standard Linux tools because most of them are written in C and rely on libc, whose output the rootkit hijacks. Umbreon also has a backdoor component called Espeon, named after another Pokmon character.”]