Bootkit

All articles tagged with #bootkit

HybridPetya Ransomware Bypasses UEFI Secure Boot with CVE-2024-7344 Exploit
cybersecurity, 5 months ago

Cybersecurity researchers have discovered HybridPetya, a new ransomware that can bypass UEFI Secure Boot by exploiting the patched CVE-2024-7344 vulnerability. It installs malicious EFI applications and encrypts the Master File Table, and has capabilities for encryption, ransom demands, and potential decryption. It has not been observed in active use.

"Bootkitty": First UEFI Bootkit Threatens Linux Systems
cybersecurity, 1 year ago

Security researchers at ESET have discovered Bootkitty, the first known UEFI bootkit targeting Linux systems, which was uploaded to VirusTotal. While currently limited to Ubuntu and lacking full functionality, Bootkitty represents a potential shift in UEFI threats, which were previously exclusive to Windows. This development underscores the need for vigilance against future Linux-targeted bootkits, which can persist undetected by infecting firmware before the operating system loads.

Bootkitty: Unveiling the First UEFI Bootkit Threat to Linux Systems
cybersecurity, 1 year ago

Researchers have discovered "Bootkitty," the first UEFI bootkit targeting Linux systems, developed by a group named BlackCat. Although currently a proof-of-concept with no real-world attacks reported, Bootkitty disables kernel signature verification and preloads unknown binaries during system startup. It bypasses UEFI Secure Boot by hooking authentication protocols and patching GRUB boot loader functions. The bootkit also includes a kernel module with rootkit capabilities. No link to the ALPHV/BlackCat ransomware group has been found. This development highlights the expanding threat landscape beyond Windows systems.

Bootkitty: Unveiling the First UEFI Bootkit Threat to Linux
cybersecurity, 1 year ago

ESET researchers have discovered Bootkitty, the first UEFI bootkit targeting Linux systems, specifically some Ubuntu versions. This bootkit, likely a proof of concept, aims to disable kernel signature verification and preload unknown ELF binaries during the Linux init process. Bootkitty is signed with a self-signed certificate, making it ineffective on systems with UEFI Secure Boot unless the attacker's certificates are installed. The discovery highlights the expanding threat landscape of UEFI bootkits beyond Windows systems. Researchers emphasize the importance of keeping UEFI Secure Boot enabled and systems updated to mitigate such threats.