Researchers discover “Bootkitty,” the first UEFI bootkit for Linux



In a nutshell: A serendipitous discovery led to a new warning of threats against Linux. The open-source platform is becoming an increasingly tasty target for cyber-criminals, and malware writers are now looking to get beneath the operating system, into the firmware and boot loader, as they already have on Windows.

“Bootkitty” is a new and concerning malware that targets Linux systems. ESET analysts recently discovered the bootkit in a previously unknown UEFI application (bootkit.efi) that someone uploaded to VirusTotal. Although the sample is unfinished, ESET describes Bootkitty as the first UEFI bootkit for Linux that researchers have found.

Bootkits such as BlackLotus are malware designed to infect the startup phase of the operating system. By replacing, tampering with, or significantly altering the original boot loader or boot process, they run before the kernel does, which lets them hide from security software inside the OS and gain control of the OS and user applications.

ESET's researchers confirmed that Bootkitty targets Linux, although it only works against a handful of Ubuntu versions. The sample uploaded to VirusTotal is signed with a self-signed certificate, so it will not run on UEFI systems with Secure Boot enabled unless the attacker has already managed to enroll their own certificate in the firmware. However, there is nothing to stop determined hackers from refining the malware.

Bootkitty includes specific routines to hook integrity-checking functions in the UEFI firmware, the GRUB boot loader, and the Linux kernel. In principle that would let it boot a tampered Linux kernel “seamlessly” even with Secure Boot active; once the system is up, it loads its own code into user-space processes, which ESET reports it does by altering the LD_PRELOAD environment variable of the init process.
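Since Secure Boot is the gate this sample cannot pass, and since the bootkit lives as a PE image on the EFI System Partition, two quick checks an administrator can script are: read the firmware's SecureBoot variable, and list every PE image on the ESP against a baseline of expected hashes. The script below is an added example written for this article; it is not taken from ESET's report or from the Bootkitty sample. The efivar path is the standard one; the /boot/efi mount point and the baseline file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not ESET's or the article's code): check Secure Boot state
# and look for PE images on the ESP that are not in a known-good baseline.
set -u

# Parse a SecureBoot efivar file: 4-byte attribute header, then one data
# byte (1 = enabled, 0 = disabled). On a live system the file is
# /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
secure_boot_state() {
  local var_file="$1" val
  [ -r "$var_file" ] || { echo "unknown"; return 0; }
  val=$(od -An -t u1 -j 4 -N 1 "$var_file" | tr -d ' ')
  case "$val" in
    1) echo "enabled" ;;
    0) echo "disabled" ;;
    *) echo "unknown" ;;
  esac
}

# Walk a mounted ESP ($1) and print one line per PE/COFF image (any file
# starting with "MZ", whatever its extension), marking it "ok" if its
# sha256 appears in the baseline file ($2, one hash per line) and
# "UNKNOWN" otherwise. A renamed bootkit.efi still shows up as UNKNOWN.
scan_esp() {
  local esp="$1" baseline="$2" f magic sum
  find "$esp" -type f | while IFS= read -r f; do
    magic=$(head -c 2 "$f" 2>/dev/null)
    [ "$magic" = "MZ" ] || continue
    sum=$(sha256sum "$f" | cut -d' ' -f1)
    if grep -qxF "$sum" "$baseline"; then
      echo "ok       $sum  $f"
    else
      echo "UNKNOWN  $sum  $f"
    fi
  done
  return 0
}

# Live run (assumed paths): ./bootcheck.sh --live [baseline-file]
if [ "${1:-}" = "--live" ]; then
  echo "Secure Boot: $(secure_boot_state \
    /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c)"
  scan_esp /boot/efi "${2:-/etc/esp-baseline.sha256}"
fi
```

Build the baseline from a freshly installed, trusted machine (sha256sum over shim, GRUB and any vendor EFI tools), and treat any UNKNOWN line as something to pull and inspect rather than something to delete on the spot, since the file is the evidence.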

However, Bootkitty does not work as intended despite its apparent complexity. ESET said that the bootkit contains many artifacts and rough edges, which suggests the malware authors are still working on its code. The researchers also discovered a possibly related unsigned kernel module named BCDropper, which drops an ELF (Linux) program whose job is to load additional kernel modules.

Even though it is still at the proof-of-concept stage, Bootkitty is an interesting development in the UEFI threat landscape. Bootkits and UEFI rootkits have traditionally targeted only Windows systems, but Linux platforms are now widespread enough to become an enticing target. The security community should prepare for future threats, ESET warns.

Flash News Hub | © 2024 | News