Question

how does rootkit work?

Answer 1

a rootkit is a program or you can say software which runs in users computer without informing and getting permission from users, it has unauthorized access to the computer, It is similar to malware.
How Does it Work?
The first thing is how rootkit enters into the system one of the possible ways is the User will install or run a program without knowing like if you are downloading movies from sites it contains malicious files.which will infect your computer on downloading movies or anything.
After Entering into a system they will try to get root access and once they get it will modify user account permission and security. After getting root access it can run, read or write any file of the system.It can send your data to another system. It will give full access of your pc to attacker.
Extra Note-
You can check your system by seeing processes running in your computer in
Linux(ubuntu)-write command "ps -aux" to get running process and if you fill your pc is slowing you can use "htop" command to identify which process is taking more space and cpu which could be rootkit.