ESET researchers uncover ‘Bootkitty’, a first-of-its-kind UEFI bootkit for Linux
Bootkitty seems to be in early stages of development, but could pose a major risk
Linux users warned to be on their guard against possible attacks
UEFI bootkits are reportedly making their way into Linux, researchers from ESET have warned, after spotting a first-of-its-kind Linux UEFI bootkit, which seems to either be an experimental version, or a version in early development stages.
UEFI bootkits are sophisticated malware targeting the Unified Extensible Firmware Interface (UEFI), which is responsible for booting an operating system and initializing hardware. These bootkits compromise the firmware at a low level, meaning that even reinstalling the operating system, or even replacing the hard drive, does not eliminate the malware’s presence. Even antivirus programs have difficulties spotting them.
They enable attackers to control the system from its earliest stages of boot, often used for espionage, surveillance, or launching other malicious payloads. By rooting themselves so deep into a system, UEFI bootkits are often very hard to detect or remove.
The variant ESET’s researchers found is called ‘Bootkitty’, and given its state, features, and operational level, they believe that it is still in early development stages.
Bootkitty relies on a self-signed certificate, which means it won’t run on systems with Secure Boot – therefore, it can only target some Ubuntu distributions.
Furthermore, the use of hardcoded byte patterns and the fact that the best patterns for covering multiple kernel or GRUB versions were not used, means that the bootkit cannot be widely distributed. Finally, Bootkitty comes with many unused functions, and does not have kernel-version checks, which often results in system crashes.
In any case, the finding marks an important moment in the development and destructive potential of UEFI bootkits.
Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors
While all evidence points to a piece of malware that can hardly do any meaningful damage, the fact remains that bootkits made their way to Linux. And with so many devices being powered by the OS, the attack surface is absolutely massive.
Via BleepingComputer
Original Author: Sead Fadilpašić | Source: TechRadar
The deal allows the U.S. to take more equity in Intel if the company doesn't…
We're expecting two new models alongside the all-new Apple Watch Series 11. | Original Author:…
Japan’s FugakuNEXT supercomputer will combine Fujitsu CPUs and Nvidia GPUs to deliver 600EFLOPS AI performance…
Microsoft has fired two more employees who participated in recent protests against the company’s contracts…
Microsoft announced its first homegrown AI models on Thursday: MAI-Voice-1 AI and MAI-1-preview. The company…
A comprehensive review of Max Tegmark's Life 3.0, exploring the future of artificial intelligence and…