How to Set Up Runtime Protection Against Malware Like Kaiji

This report describes the Kaiji malware campaign targeting Linux servers and IoT devices, highlighting its persistence and stealth techniques—such as planting startup scripts, intercepting administrative commands, and hiding processes/files—to survive reboots and evade casual inspection; it also provides guidance on detecting and blocking Kaiji at runtime using Aqua Runtime Protection policies (e.g., blocking fileless execution, drift prevention, and enforcement modes).