ESET Discovers First UEFI Bootkit for Linux Systems
ESET has uncovered Bootkitty, the first UEFI bootkit targeting Linux systems. The newly discovered malware marks a significant shift in the UEFI threat landscape, which has primarily focused on Windows systems. Although Bootkitty appears to be a proof of concept and has not been seen in active attacks, it poses potential risks by disabling kernel signature verification and preloading unauthorized binaries during system initialization. ESET researchers linked Bootkitty to related components, BCDropper and BCObserver, which enhance its functionality. The emergence of Bootkitty underscores the need for stronger security measures in Linux environments, particularly as attackers may increasingly target these systems. ESET recommends enabling UEFI Secure Boot, regularly updating firmware, and monitoring for anomalies to mitigate potential threats from bootkits like Bootkitty.