The first UEFI bootkit malware for Linux has been detected, so users beware

ESET researchers uncover ‘Bootkitty’, a first-of-its-kind UEFI bootkit for Linux
Bootkitty seems to be in early stages of development, but could pose a major risk
Linux users warned to be on their guard against possible attacks

UEFI bootkits are reportedly making their way into Linux, researchers from ESET have warned, after spotting a first-of-its-kind Linux UEFI bootkit, which seems to either be an experimental version, or a version in early development stages.

UEFI bootkits are sophisticated malware targeting the Unified Extensible Firmware Interface (UEFI), which is responsible for booting an operating system and initializing hardware. These bootkits compromise the firmware at a low level, meaning that even reinstalling the operating system, or even replacing the hard drive, does not eliminate the malware’s presence. Even antivirus programs have difficulties spotting them.

They enable attackers to control the system from its earliest stages of boot, often used for espionage, surveillance, or launching other malicious payloads. By rooting themselves so deep into a system, UEFI bootkits are often very hard to detect or remove.

Bootkitty

The variant ESET’s researchers found is called ‘Bootkitty’, and given its state, features, and operational level, they believe that it is still in early development stages.

Bootkitty relies on a self-signed certificate, which means it won’t run on systems with Secure Boot – therefore, it can only target some Ubuntu distributions.

Furthermore, the use of hardcoded byte patterns and the fact that the best patterns for covering multiple kernel or GRUB versions were not used, means that the bootkit cannot be widely distributed. Finally, Bootkitty comes with many unused functions, and does not have kernel-version checks, which often results in system crashes.

In any case, the finding marks an important moment in the development and destructive potential of UEFI bootkits.

While all evidence points to a piece of malware that can hardly do any meaningful damage, the fact remains that bootkits made their way to Linux. And with so many devices being powered by the OS, the attack surface is absolutely massive.

Sead Fadilpašić

Kommentar verfassen Kommentieren abbrechen

London, GB

9:04 am, Feb. 1, 2025

5°C

L: 4° | H: 5°

Fühlt sich an wie 2°C° overcast clouds

Luftfeuchtigkeit: 87 %

Druck: 1030 mb

Wind: 7 mph ESE

Windböe: 0 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 100%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 7:38 am

Sonnenuntergang: 4:49 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 9:00 pm

4° | 5°°C 0 mm 0% 6 mph 85 % 1030 mb 0 mm/h

Tomorrow 9:00 pm

2° | 7°°C 0 mm 0% 6 mph 84 % 1025 mb 0 mm/h

Mo. Feb. 03 9:00 pm

2° | 9°°C 0 mm 0% 5 mph 85 % 1026 mb 0 mm/h

Di. Feb. 04 9:00 pm

4° | 9°°C 1 mm 100% 12 mph 93 % 1026 mb 0 mm/h

Mi. Feb. 05 9:00 pm

4° | 8°°C 0.8 mm 80% 9 mph 91 % 1046 mb 0 mm/h

Today 12:00 pm

5° | 6°°C 0 mm 0% 6 mph 82 % 1030 mb 0 mm/h

Today 3:00 pm

6° | 6°°C 0 mm 0% 6 mph 75 % 1029 mb 0 mm/h

Today 6:00 pm

5° | 5°°C 0 mm 0% 6 mph 79 % 1027 mb 0 mm/h

Today 9:00 pm

3° | 3°°C 0 mm 0% 4 mph 85 % 1026 mb 0 mm/h

Tomorrow 12:00 am

3° | 3°°C 0 mm 0% 5 mph 84 % 1024 mb 0 mm/h

Tomorrow 3:00 am

2° | 2°°C 0 mm 0% 4 mph 83 % 1023 mb 0 mm/h

Tomorrow 6:00 am

2° | 2°°C 0 mm 0% 4 mph 82 % 1022 mb 0 mm/h

Tomorrow 9:00 am

3° | 3°°C 0 mm 0% 4 mph 77 % 1022 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€98,454.01	-1.96%
Ethereum(ETH)	€3,150.20	0.84%
XRP(XRP)	€2.92	-1.30%
Fesseln(USDT)	€0.97	-0.02%
Solana(SOL)	€221.45	-2.40%
USDC(USDC)	€0.97	0.00%
Dogecoin(DOGE)	€0.313073	-0.68%
Shiba Inu(SHIB)	€0.000018	1.30%
Pepe(PEPE)	€0.000013	4.15%

The first UEFI bootkit malware for Linux has been detected, so users beware

Teilen:

Bootkitty

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns