ESET has discovered 'Bootkitty', the first-ever UEFI bootkit targeting Linux, which currently appears to be a proof of concept, limited to specific Ubuntu releases.
While Bootkitty illustrates advances in bootkit technology, it is noted to be less sophisticated than its predecessors, as it cannot function on systems with Secure Boot enabled.
The bootkit's method of patching the kernel image relies on basic hardcoded byte patterns, limiting its functionality to a select few Ubuntu versions and suggesting room for future enhancement.
This discovery signifies a paradigm shift, suggesting that attackers are exploring Linux targets, dispelling the belief that UEFI bootkits are predominantly designed for Windows systems.
Collection
[
|
...
]