Found on VirusTotal: The world’s first UEFI bootkit for Linux

“Bootkitty” is likely a proof-of-concept, but may portend working UEFI malware for Linux.

By lurking undetected in the firmware that resides on a chip and runs each time a machine boots, bootkits can persist indefinitely, providing a stealthy means for backdooring the operating system even before it has fully loaded and enabled security defenses such as antivirus software. The Bootkitty sample ESET found is unable to override a defense, known as UEFI Secure Boot, that uses cryptographic signatures to ensure that each piece of software loaded during startup is trusted by a computer's manufacturer. The sample also patches the kernel at hardcoded offsets without first checking which kernel it is running on. The result, ESET researchers explained, is that “due to the lack of kernel-version checks in the function shown in [the figure above] Bootkitty can get to the point where it patches completely random code or data at these hardcoded offsets, thus crashing the system instead of compromising it.”

Or read this on ArsTechnica