The first UEFI bootkit malware for Linux has been detected, so users beware

By
SACHIN KELKAR
-
9

The first UEFI bootkit malware for Linux has been detected, so users beware

News

By Sead Fadilpašić

published 28 November 2024

Malware isn’t fully functional, but it has potential


Close up of the Linux penguin.
(Image credit: Linux)
  • ESET researchers uncover ‘Bootkitty’, a first-of-its-kind UEFI bootkit for Linux
  • Bootkitty seems to be in early stages of development, but could pose a major risk
  • Linux users warned to be on their guard against possible attacks

UEFI bootkits are reportedly making their way into Linux, researchers from ESET have warned, after spotting a first-of-its-kind Linux UEFI bootkit, which seems to either be an experimental version, or a version in early development stages.

UEFI bootkits are sophisticated malware targeting the Unified Extensible Firmware Interface (UEFI), which is responsible for booting an operating system and initializing hardware. These bootkits compromise the firmware at a low level, meaning that even reinstalling the operating system, or even replacing the hard drive, does not eliminate the malware’s presence. Even antivirus programs have difficulties spotting them.

They enable attackers to control the system from its earliest stages of boot, often used for espionage, surveillance, or launching other malicious payloads. By rooting themselves so deep into a system, UEFI bootkits are often very hard to detect or remove.

Bootkitty

The variant ESET’s researchers found is called ‘Bootkitty’, and given its state, features, and operational level, they believe that it is still in early development stages.

Bootkitty relies on a self-signed certificate, which means it won’t run on systems with Secure Boot – therefore, it can only target some Ubuntu distributions.

Furthermore, the use of hardcoded byte patterns and the fact that the best patterns for covering multiple kernel or GRUB versions were not used, means that the bootkit cannot be widely distributed. Finally, Bootkitty comes with many unused functions, and does not have kernel-version checks, which often results in system crashes.

In any case, the finding marks an important moment in the development and destructive potential of UEFI bootkits.

While all evidence points to a piece of malware that can hardly do any meaningful damage, the fact remains that bootkits made their way to Linux. And with so many devices being powered by the OS, the attack surface is absolutely massive.

Via BleepingComputer

You might also like

  • This dangerous UEFI bootkit can hijack your Windows PC with ease
  • Here’s a list of the best firewalls today
  • These are the best endpoint protection tools right now
TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

More about security
Representational image depecting cybersecurity protection

Top gaming engine Godot hijacked to infect thousands of PCs with malware

A person using a laptop keyboard

If you didn’t think Norton had a VPN, its Black Friday deal should make you reconsider

Latest
Shark PowerDetect vacuum on a blue background, with Black Friday Deals written next to it

I’m a home appliances expert, and these are the best Black Friday vacuum deals to buy

See more latest ►
Previous articleBlack Friday PS5 deals live: I’ve tracked PlayStation deals for years and these are my top picks for PS5 and PS5 Pro so far
Next articleMeta helped design a chip for its own network, but you’ll never be able to buy it
SACHIN KELKAR
SACHIN KELKAR
https://topupdatetoday.com/

RELATED ARTICLESMORE FROM AUTHOR