The first UEFI bootkit malware for Linux has been detected, so users beware

ESET researchers uncover ‘Bootkitty’, a first-of-its-kind UEFI bootkit for Linux
Bootkitty seems to be in early stages of development, but could pose a major risk
Linux users warned to be on their guard against possible attacks

UEFI bootkits are reportedly making their way into Linux, researchers from ESET have warned, after spotting a first-of-its-kind Linux UEFI bootkit, which seems to either be an experimental version, or a version in early development stages.

UEFI bootkits are sophisticated malware targeting the Unified Extensible Firmware Interface (UEFI), which is responsible for booting an operating system and initializing hardware. These bootkits compromise the firmware at a low level, meaning that even reinstalling the operating system, or even replacing the hard drive, does not eliminate the malware’s presence. Even antivirus programs have difficulties spotting them.

They enable attackers to control the system from its earliest stages of boot, often used for espionage, surveillance, or launching other malicious payloads. By rooting themselves so deep into a system, UEFI bootkits are often very hard to detect or remove.

Bootkitty

The variant ESET’s researchers found is called ‘Bootkitty’, and given its state, features, and operational level, they believe that it is still in early development stages.

Bootkitty relies on a self-signed certificate, which means it won’t run on systems with Secure Boot – therefore, it can only target some Ubuntu distributions.

Furthermore, the use of hardcoded byte patterns and the fact that the best patterns for covering multiple kernel or GRUB versions were not used, means that the bootkit cannot be widely distributed. Finally, Bootkitty comes with many unused functions, and does not have kernel-version checks, which often results in system crashes.

In any case, the finding marks an important moment in the development and destructive potential of UEFI bootkits.

While all evidence points to a piece of malware that can hardly do any meaningful damage, the fact remains that bootkits made their way to Linux. And with so many devices being powered by the OS, the attack surface is absolutely massive.

Sead Fadilpašić

Kommentar verfassen Kommentieren abbrechen

London, GB

9:37 am, Juni 27, 2025

19°C

L: 18° | H: 21°

Fühlt sich an wie 19°C° klarer Himmel

Luftfeuchtigkeit: 70 %

Druck: 1020 mb

Wind: 6 mph SW

Windböe: 0 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 9%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 4:45 am

Sonnenuntergang: 9:21 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 10:00 pm

18° | 21°°C 0 mm 0% 13 mph 70 % 1021 mb 0 mm/h

Tomorrow 10:00 pm

18° | 29°°C 0 mm 0% 11 mph 91 % 1025 mb 0 mm/h

So. Juni 29 10:00 pm

19° | 31°°C 0 mm 0% 8 mph 76 % 1025 mb 0 mm/h

Mo. Juni 30 10:00 pm

21° | 34°°C 0.2 mm 20% 8 mph 64 % 1021 mb 0 mm/h

Di. Juli 01 10:00 pm

21° | 33°°C 0 mm 0% 11 mph 68 % 1016 mb 0 mm/h

Today 10:00 am

19° | 19°°C 0 mm 0% 9 mph 70 % 1020 mb 0 mm/h

Today 1:00 pm

21° | 25°°C 0 mm 0% 12 mph 63 % 1020 mb 0 mm/h

Today 4:00 pm

25° | 27°°C 0 mm 0% 13 mph 49 % 1019 mb 0 mm/h

Today 7:00 pm

26° | 26°°C 0 mm 0% 13 mph 39 % 1019 mb 0 mm/h

Today 10:00 pm

21° | 21°°C 0 mm 0% 11 mph 68 % 1021 mb 0 mm/h

Tomorrow 1:00 am

20° | 20°°C 0 mm 0% 9 mph 85 % 1021 mb 0 mm/h

Tomorrow 4:00 am

18° | 18°°C 0 mm 0% 9 mph 91 % 1022 mb 0 mm/h

Tomorrow 7:00 am

20° | 20°°C 0 mm 0% 8 mph 82 % 1023 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€91,310.46	-1.04%
Ethereum(ETH)	€2,087.03	-2.04%
Fesseln(USDT)	€0.86	-0.01%
XRP(XRP)	€1.79	-4.60%
Solana(SOL)	€120.68	-2.88%
USDC(USDC)	€0.86	0.00%
Dogecoin(DOGE)	€0.137772	-2.30%
Shiba Inu(SHIB)	€0.000009	-3.59%
Pepe(PEPE)	€0.000008	-3.10%

The first UEFI bootkit malware for Linux has been detected, so users beware

Teilen:

Bootkitty

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns