ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty.
Bootkitty allows attackers to disable the kernel’s signature verification feature and preload two unknown ELF binaries via the Linux init process.
The bootkit, named bootkit.efi, is a UEFI application that can bypass UEFI Secure Boot by patching integrity verification functions in memory.
Bootkitty marks an advancement in the UEFI threat landscape for Linux systems, emphasizing the importance of enabling UEFI Secure Boot and keeping system firmware and the OS up to date.
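The summary above ends with the mitigation (Secure Boot on, firmware and OS current) but does not show how to verify the relevant state on a Linux host. The following script is an added defender-side example, not code from ESET or from the Bootkitty sample; it reads the Secure Boot EFI variable, the kernel lockdown mode and module signature enforcement, and reports which of the controls that Bootkitty targets are absent. The sysfs paths, the EFI global-variable GUID and the file formats are assumptions stated in the comments; the parsing functions are separated from the file reads so they can be exercised on constructed input.

```python
"""Report whether the boot-integrity controls a Linux bootkit targets are active.

Added example (not ESET's or the Bootkitty author's code). Assumptions:
  - efivarfs is mounted at /sys/firmware/efi/efivars and exposes the SecureBoot
    variable as <Name>-<GUID> with 4 attribute bytes followed by 1 data byte;
  - /sys/kernel/security/lockdown lists modes with the active one in brackets;
  - /sys/module/module/parameters/sig_enforce reads 'Y' or 'N'.
"""
import sys

# EFI_GLOBAL_VARIABLE GUID as used by efivarfs file names (assumption: standard layout).
SECURE_BOOT_VAR = ("/sys/firmware/efi/efivars/"
                   "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c")
LOCKDOWN_FILE = "/sys/kernel/security/lockdown"
SIG_ENFORCE_FILE = "/sys/module/module/parameters/sig_enforce"


def secure_boot_state(raw):
    """Decode an efivarfs SecureBoot blob: 4 attribute bytes, then one data byte.

    Returns True (enabled), False (disabled) or None (unreadable or malformed).
    """
    if raw is None or len(raw) < 5:
        return None
    return raw[4] == 1


def lockdown_mode(text):
    """Parse the lockdown file, e.g. 'none [integrity] confidentiality'.

    The bracketed token is the active mode; None if the file is absent or odd.
    """
    if text is None:
        return None
    for token in text.split():
        if token.startswith("[") and token.endswith("]"):
            return token[1:-1]
    return None


def sig_enforce(text):
    """Parse module.sig_enforce: True only when the kernel reports 'Y'."""
    if text is None:
        return None
    return text.strip() == "Y"


def assess(sb_enabled, lockdown, enforce):
    """Turn the three readings into findings a defender should act on."""
    findings = []
    if sb_enabled is not True:
        findings.append("UEFI Secure Boot is not enabled or not readable: "
                        "unsigned boot components are loaded without verification")
    if lockdown in (None, "none"):
        findings.append("kernel lockdown is off: the running kernel does not "
                        "enforce integrity restrictions")
    if enforce is not True:
        findings.append("module.sig_enforce is off: unsigned kernel modules "
                        "can be loaded")
    return findings


def _read(path, binary=False):
    """Best-effort file read; returns None when the control is not exposed."""
    try:
        with open(path, "rb" if binary else "r") as fh:
            return fh.read()
    except OSError:
        return None


def check_host():
    """Read the live host and return (readings, findings)."""
    readings = {
        "secure_boot": secure_boot_state(_read(SECURE_BOOT_VAR, binary=True)),
        "lockdown": lockdown_mode(_read(LOCKDOWN_FILE)),
        "sig_enforce": sig_enforce(_read(SIG_ENFORCE_FILE)),
    }
    return readings, assess(**{
        "sb_enabled": readings["secure_boot"],
        "lockdown": readings["lockdown"],
        "enforce": readings["sig_enforce"],
    })


if __name__ == "__main__":
    readings, findings = check_host()
    for name, value in readings.items():
        print(f"{name}: {value}")
    for finding in findings:
        print("FINDING:", finding)
    sys.exit(1 if findings else 0)
```

Run it as root on the host being audited; a non-zero exit means at least one of the three controls is missing. The exit status makes it usable from a fleet-inventory job, and the pure parsing functions make the logic testable without EFI hardware.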