The world’s first UEFI bootkit for Linux: Bootkitty

By admin, December 2, 2024


ESET's security researchers have discovered Bootkitty, the first UEFI bootkit developed for the Linux operating system. The finding shows that the open-source Linux platform is now a target for cybercriminals, who are trying to reach the lowest levels of the boot chain and kernel on Linux just as they already do on Windows.

The bootkit era for Linux begins

Bootkitty is classified as a UEFI bootkit, a type of malware that targets the earliest stage of the operating system's boot process. Such software modifies or hijacks the boot loader so that it runs before the operating system and can take control of the kernel and user applications before any OS-level defences are active. The porting of bootkits such as BlackLotus, which until now had only been seen on Windows systems, to Linux is a cause for concern in the security community. ESET analysts recently discovered the bootkit as a previously unknown UEFI application (bootkit.efi) that had been uploaded to VirusTotal.
The researchers also found that, while Bootkitty targets Linux in general, it has only been confirmed to work against certain Ubuntu versions. Bootkitty contains routines for interfering with the GRUB bootloader and with the Linux kernel. In theory it is designed to boot the Linux kernel "without any problems" even with UEFI Secure Boot enabled and then launch its malicious components at system startup. In practice, however, Bootkitty cannot yet bypass Secure Boot: the sample is signed with a self-signed certificate, so on a machine with Secure Boot enabled it will not run unless the attacker has first managed to enroll their own certificate in the firmware's trust store.

At this stage the software is also not fully functional, and its code appears to be still under development. The many bugs and missing features in Bootkitty indicate that the malware is still at the proof-of-concept stage. The researchers additionally identified a kernel module called BCDropper that may be linked to this bootkit; this module is designed to load further malicious code into the Linux kernel.
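The practical questions a Linux administrator will have after the two paragraphs above are whether Secure Boot is actually enabled on a given host, whether anything unexpected is sitting on the EFI System Partition next to shim and GRUB, and whether an unsigned kernel module (the article describes BCDropper as a kernel module) has been loaded. The POSIX shell script below is an added example written for this page; it is not ESET's tooling and is not derived from the Bootkitty sample. It assumes the ESP is mounted at /boot/efi (the Ubuntu default) and that a known-good manifest of sha256sum output for the ESP's .efi files was recorded earlier from a trusted state; the manifest path, the environment variable names and the file names in the constructed test data are hypothetical choices for this example. The efivarfs layout (4 attribute bytes followed by the variable data) and the kernel taint bit for unsigned modules (bit 13, flag 'E') are standard Linux behaviour.

```shell
#!/bin/sh
# Bootkit triage for a Linux host (added example for this article; not ESET code).
# Three checks a defender would run after reading about Bootkitty and BCDropper:
#   1. Is UEFI Secure Boot actually enabled?
#   2. Does the EFI System Partition hold any .efi binary not in our manifest?
#   3. Has an unsigned kernel module been loaded (kernel taint bit 13, 'E')?
# Assumptions (hypothetical for this example): ESP at /boot/efi and a manifest
# previously written from a known-good state with
#   find /boot/efi -type f -iname '*.efi' -exec sha256sum {} + > /var/lib/esp-manifest.sha256

ESP_MOUNT="${ESP_MOUNT:-/boot/efi}"
ESP_MANIFEST="${ESP_MANIFEST:-/var/lib/esp-manifest.sha256}"
SB_VAR="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
TAINT_FILE="/proc/sys/kernel/tainted"

# efivarfs exposes each variable as 4 bytes of attributes followed by the data;
# SecureBoot's data is a single byte, 1 = enabled, 0 = disabled.
secureboot_state() {
    var="$1"
    [ -r "$var" ] || { echo "unknown"; return 0; }
    val=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' ')
    case "$val" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Print every .efi file under the ESP whose sha256 does not appear in the
# manifest. A bootkit dropped beside shim/GRUB, or a replaced GRUB, shows up here.
unexpected_efi() {
    esp="$1"; manifest="$2"
    find "$esp" -type f -iname '*.efi' | while IFS= read -r f; do
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        grep -q "^$sum " "$manifest" || echo "$f"
    done
}

# /proc/sys/kernel/tainted is a decimal bitmask; bit 13 (value 8192) is set
# once a module without a valid signature has been loaded.
unsigned_module_taint() {
    f="$1"
    [ -r "$f" ] || { echo "unknown"; return 0; }
    read -r t < "$f"
    t=${t:-0}
    if [ $(( (t >> 13) & 1 )) -eq 1 ]; then echo "yes"; else echo "no"; fi
}

triage() {
    echo "secure boot:            $(secureboot_state "$SB_VAR")"
    echo "unsigned module taint:  $(unsigned_module_taint "$TAINT_FILE")"
    if [ -r "$ESP_MANIFEST" ]; then
        echo "efi files not in manifest:"
        unexpected_efi "$ESP_MOUNT" "$ESP_MANIFEST" | sed 's/^/  /'
    else
        echo "no manifest at $ESP_MANIFEST; record one from a trusted state first"
    fi
}

# Run as root on the host being checked:  sh bootkit-triage.sh --run
if [ "${1:-}" = "--run" ]; then triage; fi
```

A "disabled" or "unknown" Secure Boot state, or a taint of "yes", does not by itself prove compromise, but either one removes the protection that currently stops Bootkitty from running, which is exactly the gap between the "theoretical" and "practical" capability described above. The manifest check is only as good as the state it was recorded from, so record it right after installation or after a verified bootloader update, not on a machine you already suspect.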

Because bootkits execute before the operating system, they can neutralise traditional security measures that depend on the OS and gain deep control over it. Until now the threat to Linux users from this class of malware has been relatively low, but that is changing rapidly. Although bootkits and UEFI rootkits have traditionally targeted only Windows systems, Linux platforms are now becoming an attractive target as well.