shellgame is a userland rootkit for Linux that uses the inotify API to detect file accesses near the files it intends to hide. Once detected, shellgame opens, then unlinks the protected files. This rootkit is particularly interesting because it works as a non-privileged user.
https://github.com/matthewbobrowski/shellgame