The first UEFI bootkit malware for Linux has been detected, so users beware

Akshit Behera

ESET researchers uncover ‘Bootkitty’, a first-of-its-kind UEFI bootkit for Linux

Bootkitty seems to be in early stages of development, but could pose a major risk

Linux users warned to be on their guard against possible attacks

UEFI bootkits are reportedly making their way into Linux, researchers from ESET have warned, after spotting a first-of-its-kind Linux UEFI bootkit, which seems to either be an experimental version, or a version in early development stages.

UEFI bootkits are sophisticated malware targeting the Unified Extensible Firmware Interface (UEFI), which is responsible for booting an operating system and initializing hardware. These bootkits compromise the firmware at a low level, meaning that even reinstalling the operating system, or even replacing the hard drive, does not eliminate the malware’s presence. Even antivirus programs have difficulties spotting them.

They enable attackers to control the system from its earliest stages of boot, often used for espionage, surveillance, or launching other malicious payloads. By rooting themselves so deep into a system, UEFI bootkits are often very hard to detect or remove.

Bootkitty

The variant ESET’s researchers found is called ‘Bootkitty’, and given its state, features, and operational level, they believe that it is still in early development stages.

Bootkitty relies on a self-signed certificate, which means it won’t run on systems with Secure Boot – therefore, it can only target some Ubuntu distributions.

Furthermore, the use of hardcoded byte patterns and the fact that the best patterns for covering multiple kernel or GRUB versions were not used, means that the bootkit cannot be widely distributed. Finally, Bootkitty comes with many unused functions, and does not have kernel-version checks, which often results in system crashes.

In any case, the finding marks an important moment in the development and destructive potential of UEFI bootkits.

Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

While all evidence points to a piece of malware that can hardly do any meaningful damage, the fact remains that bootkits made their way to Linux. And with so many devices being powered by the OS, the attack surface is absolutely massive.

Via BleepingComputer

Original Author: Sead Fadilpašić | Source: TechRadar

About

Shark’s Data Den provides data-driven insights and analysis on technology, business, and innovation.

AI artificial intelligence Artificial Intelligence: A Guide for Thinking Humans Being Human in the Age of Artificial Intelligence books bookself Dangers data science data scientist Human Compatible Human Compatible: Artificial Intelligence and the Problem of Control Life 3.0 machine learning Max Tegmark Melanie Mitchell Pedro Domingos Stuart Russell Superintelligence Superintelligence: Paths Dangers Strategies The Master Algorithm: How the Quest for the Ultimate Learning Machine Will Remake Our World

Discover more from The Shark's Data Den

Subscribe now to keep reading and get access to the full archive.

Continue reading