ESET Flags Prototype UEFI Bootkit Targeting Linux
securityweek
Malware hunters at ESET on Wednesday documented the discovery of a prototype UEFI bootkit targeting specific Ubuntu Linux configurations, signaling a shift as hackers expand bootkit attacks beyond the Windows operating system.
ESET notes that the bootkit, named Bootkitty, represents an initial proof-of-concept rather than an active threat, but warns of a new reality: “UEFI bootkits are no longer confined to Windows systems alone.”
In a research paper written by researchers Martin Smolár and Peter Strýček, ESET said Bootkitty is designed to disable kernel signature verification for the Linux kernel and its modules. It also patches key processes, including the GRUB bootloader and kernel decompression routines.
The bootkit, spotted when a previously unknown UEFI application, “bootkit.efi,” was uploaded to VirusTotal in November 2024, is designed to modify the Linux kernel to allow unsigned kernel modules to load, bypassing protections like UEFI Secure Boot.
ESET said numerous artifacts, including unused ...
Copyright of this story solely belongs to securityweek.