First UEFI Bootkit Targeting Linux Discovered
Researchers identify 'Bootkitty,' proof-of-concept malware that marks a new chapter for UEFI bootkits, a threat previously exclusive to Windows.
- Security firm ESET uncovered 'Bootkitty,' the first UEFI bootkit designed for Linux, uploaded to VirusTotal earlier this month.
- The malware currently targets only certain Ubuntu distributions and lacks the sophistication for widespread deployment, suggesting it is in the early stages of development.
- Bootkitty bypasses key security mechanisms like Secure Boot by exploiting UEFI security protocols and kernel signature verification checks.
- Researchers found the bootkit to be buggy, with hardcoded byte patterns limiting its compatibility and often causing system crashes.
- While no active infections have been detected, experts warn that Bootkitty signals that bootkit threats, previously seen only on Windows, are evolving to target Linux systems.