We hook calls to libc that are of interest (like open, write, execve), so when those functions are called we can exfiltrate the data to a queue, then return control to the caller with an unnoticeable delay. Right now, there is a capability to send data over the network, and we are working on the capability to perform remote management and configuration.