Bootkitty, the newly discovered UEFI boot-level rootkit for Linux, was apparently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI).
The bootkit, discovered and analyzed last week by researchers from antivirus vendor ESET, showed signs of being a proof of concept rather than production-ready malware. Nevertheless, the prototype, described by ESET as the first UEFI bootkit for Linux, can serve as inspiration for attackers who, at least as far as is publicly known, have so far developed UEFI bootkits only for Windows.
“We believe this bootkit is the first proof of concept, and based on our telemetry, it has not been used in the wild,” the ESET researchers wrote in their preliminary report. “That said, its presence underscores an important message: UEFI bootkits are no longer tied to Windows-only systems.”