I see my response was ambiguous. Of course I meant rootkit was always malicious. It was used by intruder to gain root back after admin though he restored the host after being hacked.
Rootkits are the reason why it is recommended to wipe the whole system after being hacked, because you can't be sure there there wasn't anything installed.
Rootkits are the reason why it is recommended to wipe the whole system after being hacked, because you can't be sure there there wasn't anything installed.