Bootkitty: Unveiling the First UEFI Bootkit Threat to Linux Systems

TL;DR Summary
Researchers have discovered "Bootkitty," the first UEFI bootkit targeting Linux systems, developed by a group named BlackCat. Although currently a proof-of-concept with no real-world attacks reported, Bootkitty disables kernel signature verification and preloads unknown binaries during system startup. It bypasses UEFI Secure Boot by hooking authentication protocols and patching GRUB boot loader functions. The bootkit also includes a kernel module with rootkit capabilities, but no link to the ALPHV/BlackCat ransomware group has been found. This development highlights the expanding threat landscape beyond Windows systems.
- Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels (The Hacker News)
- Bootkitty: Analyzing the first UEFI bootkit for Linux (We Live Security)
- Researchers discover first UEFI bootkit malware for Linux (BleepingComputer)
- 'Bootkitty' Malware Can Infect a Linux Machine's Boot Process (PCMag)
- Found in the wild: The world's first unkillable UEFI bootkit for Linux (Ars Technica)
Read the original article on The Hacker News.