Firmware is small, static code that runs on devices ranging from consumer electronics to anything that controls heavy machinery. In computers, chips, a.k.a. the real interactive hardware, such as the BIOS, CPU, GPU, etc., run firmware code to perform specific functions. Network devices such as firewalls, routers, switches, IDS/IPS, etc. run firmware, a.k.a. microcode, on their chipsets. Firmware is tiny and is not modified as often as userland or kernelland software. Thus, integrity checks are very rarely done at this layer. What would you do if you were a bad guy and you knew of a place to reside that would never be monitored? Well, if you are the smart one, you would say "YES, I would love to go there".
A rootkit is a type of malware that would never say NO to something that allows it to retain unrestricted administrative access, which means that, given the chance, it would never pass up the option of residing in firmware. A firmware rootkit has to go through kernelland to reach the firmware layer, just as the bad guys would have to go through the village and various checkpoints to enter the castle.
This section of rootkit analytics will soon discuss rootkits targeting:
Tools      Count
~~~~~~~~~~~~~~~~~~~
Elfstat    3715
dwtf       2868
KsiD       2498
SHC        1841
NOTE: Our tools are listed on many sites and torrents, which makes it hard for us to track all downloads. Hence, we list only the total installations from our website.