Analyzing the first UEFI bootkit for Linux
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
ESET researchers have discovered Bootkitty, the first UEFI bootkit designed for Linux systems. This proof-of-concept malware targets specific Ubuntu versions and aims to disable kernel signature verification while preloading unknown ELF binaries. Bootkitty is signed with a self-signed certificate, limiting its effectiveness to systems without UEFI Secure Boot enabled. The bootkit patches GRUB and the Linux kernel to bypass security measures and load potentially malicious modules. Additionally, a related kernel module named BCDropper was identified, which deploys an ELF program responsible for loading another kernel module. This discovery highlights the evolving threat landscape for UEFI-based systems beyond Windows.
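The summary notes that Bootkitty is signed with a self-signed certificate and therefore only works on hosts where UEFI Secure Boot is not enforced, so the first thing a defender will want to verify is the Secure Boot state of each Linux machine. The script below is an added example for this page, not code from ESET or from the OpenCTI record: it decodes the `SecureBoot` EFI variable that the kernel exposes under `/sys/firmware/efi/efivars` (a 4-byte attribute header followed by a single data byte, 1 = enabled, 0 = disabled; the GUID suffix is the standard EFI global-variable GUID). The function and variable names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the ESET report or the OpenCTI record): report the
# UEFI Secure Boot state of a Linux host from the efivars pseudo-filesystem.
# Layout of an efivarfs file: 4-byte attributes header, then the variable data.
# For SecureBoot the data is one byte: 1 = enabled, 0 = disabled.

# Decode one SecureBoot efivar file and print enabled / disabled / unknown.
# Takes the file path as an argument so it can also be run against a copy
# collected from another host.
secure_boot_state_from_file() {
    f="$1"
    [ -r "$f" ] || { echo unknown; return 0; }
    # Skip the 4-byte header (-j 4) and read exactly one byte (-N 1) as decimal.
    b=$(od -An -t u1 -j 4 -N 1 "$f" | tr -d ' ')
    case "$b" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Evaluate the live host. Prints "not-uefi" when there is no EFI variable
# store at all (legacy BIOS boot, or efivarfs not mounted).
secure_boot_state() {
    dir=/sys/firmware/efi/efivars
    [ -d "$dir" ] || { echo not-uefi; return 0; }
    # 8be4df61-93ca-11d2-aa0d-00e098032b8c is the EFI global variable GUID.
    secure_boot_state_from_file "$dir/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
}

# Stand-alone use: print the state of this machine.
echo "Secure Boot: $(secure_boot_state)"
```

A result of `disabled` or `not-uefi` means the self-signed-certificate limitation described in the summary does not protect that host, and its boot chain (GRUB, shim, kernel) deserves integrity monitoring; `unknown` usually means the script was run without permission to read efivars.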
OPENCTI LABELS:
linux,bootkitty,uefi bootkit