Somewhere in the depths of the Internet, the first UEFI bootkit for Linux is being developed. This was pointed out by ESET, which also published an analysis of the bootkit, named Bootkitty.
According to the researchers Martin Smolár and Peter Strýček, this is the first malware of its kind targeting Linux systems. For now, Bootkitty appears to be only a proof of concept, i.e. an unfinished project that has not yet reached the “public” or appeared on the black market.
The goal of Bootkitty is to disable kernel signature verification at the kernel level and then load two ELF binaries through the init process. Interestingly, during the analysis the researchers found references to another kernel module, which suggests that the original authors are working on several versions. The authors' nicknames appear in the file, but ESET deliberately redacted them.
For now, Bootkitty is not very dangerous, partly because it works on only a very limited number of distributions, mainly due to the hard-coded values in the bootkit code. For the time being, having UEFI Secure Boot enabled and keeping the system updated is sufficient protection.
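Since the article's only recommended mitigation is to keep UEFI Secure Boot enabled, a practitioner will want a quick way to verify that state from inside the running system. The script below is an added example, not part of the original article or of ESET's analysis: it reads the `SecureBoot` variable through efivarfs (the `8be4df61-...` GUID is the standard EFI global variable namespace, and efivarfs prefixes the variable data with four attribute bytes, so the value is the fifth byte) and, as a related check, reports whether the running kernel enforces module signatures. The `EFIVARS_DIR` override and the function names are this example's own conventions.

```shell
#!/bin/sh
# Added example: report UEFI Secure Boot state as exposed by a Linux host through
# efivarfs. The SecureBoot variable lives under the EFI global-variable GUID;
# efivarfs prepends 4 attribute bytes, so the 5th byte holds the value
# (1 = enabled, 0 = disabled). EFIVARS_DIR is this script's own override hook.
EFIVARS_DIR="${EFIVARS_DIR:-/sys/firmware/efi/efivars}"
SB_VAR="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# secure_boot_state [DIR]
#   prints "enabled", "disabled" or "unavailable" (legacy BIOS boot, efivarfs not
#   mounted, or unexpected data) and returns 0 only when Secure Boot is enabled.
secure_boot_state() {
    dir="${1:-$EFIVARS_DIR}"
    f="$dir/$SB_VAR"
    if [ ! -r "$f" ]; then
        echo unavailable
        return 2
    fi
    # od: skip the 4 attribute bytes, read exactly one byte as an unsigned decimal
    val=$(od -An -t u1 -j 4 -N 1 "$f" | tr -d ' ')
    case "$val" in
        1) echo enabled;     return 0 ;;
        0) echo disabled;    return 1 ;;
        *) echo unavailable; return 2 ;;
    esac
}

# module_sig_enforce [PATH]
#   prints Y or N from the running kernel's module signature enforcement switch,
#   or "unknown" when the parameter file is absent (kernel built without
#   CONFIG_MODULE_SIG, or a non-Linux host).
module_sig_enforce() {
    p="${1:-/sys/module/module/parameters/sig_enforce}"
    if [ -r "$p" ]; then
        cat "$p"
    else
        echo unknown
    fi
}

# Stand-alone run: print both checks for the current host.
echo "UEFI Secure Boot: $(secure_boot_state)"
echo "Kernel module signature enforcement: $(module_sig_enforce)"
```

A result of `unavailable` is worth treating as a finding in its own right: on a UEFI machine it usually means efivarfs is not mounted, and on a legacy-BIOS machine Secure Boot cannot be relied on at all. The functions take an optional directory or file argument so they can be pointed at a copied efivars tree or exercised with constructed data.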
Source: pctuning.cz