Researchers Introduce Bootkitty, First UEFI Bootkit for Linux
ESET researchers have unveiled Bootkitty, the first known UEFI bootkit targeting Linux. Bootkitty is a proof of concept rather than a deployed weapon: the sample was uploaded to VirusTotal on November 5, 2024, and there is no evidence of it being used in real-world attacks, but it marks a shift in a threat class that until now was a Windows-only concern.

Its authors call themselves BlackCat, a name embedded in the binary that should not be read as a confirmed link to the ALPHV/BlackCat ransomware group. The bootkit's goal is to disable the kernel's signature verification and preload unknown ELF binaries into the Linux init process. To get there it hooks the UEFI authentication protocols the firmware uses to verify loaded images and patches critical verification functions in the GRUB bootloader so that its tampered GRUB and kernel are accepted. One caveat matters for defenders: Bootkitty is signed with a self-signed certificate, so it cannot run on a system with UEFI Secure Boot enabled unless the attacker has already enrolled their own certificate; on its own it does not break Secure Boot. Its patches also rely on hard-coded byte patterns, so it only works against a small set of specific kernel and GRUB builds.

Alongside the bootkit, the researchers found a related unsigned kernel module, BCDropper, which deploys a further ELF binary, BCObserver, suggesting the authors were building toward a fuller toolkit. Even as a proof of concept, Bootkitty is a sign that UEFI bootkits for Linux are no longer hypothetical, and that Linux hosts deserve the same boot-chain scrutiny Windows fleets already get.
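The checks below are an added example written for this page; they are not code from ESET or from the Bootkitty sample. They cover the three conditions the article describes that a defender can actually observe from a running Linux host: whether Secure Boot is enabled (Bootkitty is self-signed, so an enabled Secure Boot without an attacker-enrolled certificate should refuse it), whether the kernel has loaded an unsigned or out-of-tree module such as BCDropper (visible as kernel taint bits), and whether the kernel command line carries an LD_PRELOAD assignment, the mechanism for preloading ELF objects into init. The sample command line and efivar bytes used in the usage section are constructed; the efivarfs path, the SecureBoot variable GUID and the taint bit values are standard Linux interfaces.

```shell
#!/bin/sh
# Added example, not code from ESET or from the Bootkitty sample.
# Each check takes its input as an argument so it can be run against a
# captured file or value; audit_live runs them against the live system.

# Print "enabled", "disabled" or "unknown" for an efivarfs SecureBoot file.
# efivarfs stores 4 attribute bytes followed by the variable data; for
# SecureBoot the data is a single byte (1 = enabled, 0 = disabled).
secure_boot_state() {
    f="$1"
    [ -r "$f" ] || { echo unknown; return 0; }
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' ')
    case "$v" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Decode the module-related bits of /proc/sys/kernel/tainted.
# Bit 12 (4096) = 'O', an out-of-tree module was loaded;
# bit 13 (8192) = 'E', an unsigned module was loaded.
# Prints the flags found, or "clean" if neither bit is set.
module_taint() {
    t="$1"
    out=""
    [ $(( t & 4096 )) -ne 0 ] && out="$out O:out-of-tree-module"
    [ $(( t & 8192 )) -ne 0 ] && out="$out E:unsigned-module"
    [ -n "$out" ] && echo "${out# }" || echo clean
}

# Succeed (exit 0) if a kernel command line carries an LD_PRELOAD= assignment.
# A stock distribution kernel never has one; Bootkitty's preload of unknown
# ELF objects into init is the kind of tampering this surfaces.
cmdline_has_preload() {
    printf '%s' "$1" | grep -q 'LD_PRELOAD='
}

# Run all three checks against the live system.
audit_live() {
    sb=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
    echo "secure boot: $(secure_boot_state "$sb")"
    echo "module taint: $(module_taint "$(cat /proc/sys/kernel/tainted 2>/dev/null || echo 0)")"
    if cmdline_has_preload "$(cat /proc/cmdline 2>/dev/null)"; then
        echo "cmdline: LD_PRELOAD present, inspect /proc/cmdline"
    else
        echo "cmdline: no LD_PRELOAD"
    fi
}

# Usage against constructed inputs (a fabricated SecureBoot efivar and a
# fabricated command line), then the live host:
#   tmp=$(mktemp); printf '\006\000\000\000\001' > "$tmp"
#   secure_boot_state "$tmp"                       # enabled
#   module_taint 12288                             # O:out-of-tree-module E:unsigned-module
#   cmdline_has_preload "root=/dev/sda1 LD_PRELOAD=/tmp/evil.so" && echo tampered
#   audit_live
```

These checks read /proc and /sys, which are served by the kernel; a bootkit that has already patched the kernel can lie through both of them, so treat a clean result as a first pass rather than proof. The durable check is one the compromised kernel cannot forge: a TPM-backed measured boot log compared against known-good values, or offline inspection of the ESP and the GRUB and kernel images it contains.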