
Bootkitty: Analyzing the first UEFI bootkit for Linux


ESET's discovery of the first UEFI bootkit designed for Linux sends an important message: UEFI bootkits are no longer confined to Windows systems alone.

We have not discovered any of these possibly malicious ELF shared objects, although just as this blogpost was being finalized for publication, a write-up describing the missing components mentioned in our report was published.

[Figure: Tainted state right after the system has started with Bootkitty]

A simple remedy tip to get rid of the bootkit is to move the legitimate /EFI/ubuntu/grubx64-real.efi file back to its original location, /EFI/ubuntu/grubx64.efi.

[Figure: Hex-Rays decompiled dropper code]

BCObserver is a rather simple application that waits until the display manager gdm3 is running, and then loads an unknown kernel module from /opt/rootkit_loader.ko via the finit_module system call.
