WWW.TECHSPOT.COM
Researchers discover "Bootkitty," the first UEFI bootkit for Linux
In a nutshell: A serendipitous discovery led to a new warning of threats against Linux. The open-source platform is becoming an increasingly tasty target for cyber-criminals, and malware writers are now looking to get to the lowest levels of the kernel as they already have on Windows. "Bootkitty" is a new and concerning malware that targets Linux systems. Eset analysts recently discovered the bootkit in a previously unknown UEFI application (bootkit.efi) that someone uploaded to VirusTotal. While not yet complete, Bootkitty is described as the first UEFI bootkit for Linux that researchers have found.Bootkits like BlackLotus are a particular kind of malware designed to infect the startup phase of the operating system. They conceal their presence and essentially obtain total control of the OS and user applications by replacing, compromising, or significantly changing the original boot loader or boot process.The European researchers confirmed that Bootkitty targets Linux, although it only works against specific Ubuntu distros. The sample uploaded on VirusTotal uses a self-signed security certificate, which means it will not run on UEFI systems protected by the controversial Secure Boot feature. However, there is nothing to stop determined hackers from refining the malware.Bootkitty includes specific routines to subvert many functions in the UEFI firmware, the Linux kernel, and the GRUB boot loader. Bootkitty can theoretically boot the Linux kernel "seamlessly," even with Secure Boot activated, after which it injects itself into program processes upon system launch.However, Bootkitty doesn't work as intended despite its apparent complexity. Eset said that the bootkit contains many artifacts and rough features, which suggests the malware authors are still working on its code. The researchers also discovered a possibly related kernel module named BCDropper, designed to deploy ELF (Linux) programs useful for loading additional kernel modules. // Related StoriesEven though it is still in its proof-of-concept stage, Bootkitty is an interesting development in the UEFI threat landscape. Bootkits and UEFI rootkits have traditionally targeted only Windows systems, but Linux platforms are now widespread enough to become an enticing target. The security community should prepare for future threats, Eset warns.
0 التعليقات 0 المشاركات 25 مشاهدة