zCat
npub1zm7…pnd6
2024-11-28 01:47:23

Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels

Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems.

Dubbed Bootkitty by its creators, who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC), and there is no evidence that it has been put to use in real-world attacks. Also tracked as IranuKit, it was uploaded to the VirusTotal platform on November 5, 2024.

"The bootkit's main goal is to disable the kernel's signature verification feature and to preload two as yet unknown ELF binaries via the Linux init process (which is the first process executed by the Linux kernel during system startup)," ESET researchers Martin Smolár and Peter Strýček said.

The development is significant as it heralds a shift in the cyber threat landscape where UEFI bootkits are no longer confined to Windows systems alone.

See more
The Hacker News:
https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html

BleepingComputer:
https://www.bleepingcomputer.com/news/security/researchers-discover-bootkitty-first-uefi-bootkit-malware-for-linux/

SecurityWeek:
https://www.securityweek.com/eset-flags-prototype-uefi-bootkit-targeting-linux/

#cybersecurity #uefi #bootkit
Author Public Key
npub1zm7jduqq2nmxz5wxh4ujtm00g9vxzqa0r82yt7flvm67yje5gfaqa5pnd6