Bootkitty, the first UEFI bootkit malware for Linux
- November 29, 2024
Bootkitty is the name ESET security researchers have given to a malicious development that stands out for being the first UEFI bootkit aimed specifically at Linux systems.
This type of malware is among the most dangerous because it is designed to infect the computer’s startup process: it loads before the operating system does. This allows it to evade system-level security tools, modify their components and inject malicious code without being detected.
ESET describes it as “a significant development in UEFI bootkit threats”, even though, for now, it is malware that only affects certain versions and configurations of GNU/Linux distributions such as Ubuntu, rather than a fully fledged threat deployed in real attacks.
It is nonetheless the first of its kind for Linux: the first Linux UEFI bootkit able to bypass kernel signature verification and preload malicious components during the system boot process. The security firm discovered it after examining a suspicious file (bootkit.efi) uploaded to VirusTotal earlier this month.
After analysing it, ESET confirmed its novelty, although it considers the bootkit to be at an early stage of development given its limitations and rough edges. Bootkitty is signed with a self-signed certificate, so it cannot be installed on systems with Secure Boot enabled. It also contains unused features and handles kernel version compatibility poorly, and because its code is tied to specific GRUB and kernel versions it is not suited to widespread deployment.
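A defender’s check for the two conditions the paragraph above turns on, Secure Boot enforcement and an unknown binary in the boot chain, as an added example that is not part of the original article or of ESET’s analysis. It reads the SecureBoot and SetupMode variables from efivarfs and compares every .efi file on the EFI System Partition against an allowlist of known-good SHA-256 hashes; the directory paths, variable contents and file contents in demo() are constructed, and a real allowlist must come from your own golden image.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

# efivarfs exposes each UEFI global variable as <Name>-<GUID>: 4 attribute bytes, then the data.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")

def read_efivar_byte(efivars_dir, name):
    """First data byte of a UEFI global variable, or None if the firmware does not expose it."""
    path = Path(efivars_dir) / f"{name}-{EFI_GLOBAL_GUID}"
    if not path.exists():
        return None
    raw = path.read_bytes()
    return raw[4] if len(raw) > 4 else None   # skip the 4-byte attribute header

def secure_boot_status(efivars_dir=EFIVARS):
    """'enforcing', 'disabled', 'setup-mode' (no Platform Key enrolled) or 'no-uefi'."""
    sb = read_efivar_byte(efivars_dir, "SecureBoot")
    if sb is None:
        return "no-uefi"
    if read_efivar_byte(efivars_dir, "SetupMode") == 1:
        return "setup-mode"
    return "enforcing" if sb == 1 else "disabled"

def unexpected_esp_binaries(esp_dir, allowlist):
    """Relative paths of .efi files on the ESP whose SHA-256 is not in the allowlist."""
    esp = Path(esp_dir)
    found = []
    for path in esp.rglob("*"):
        if path.is_file() and path.suffix.lower() == ".efi":
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            if digest not in allowlist:
                found.append(path.relative_to(esp).as_posix())
    return sorted(found)

def demo():
    """Constructed sample: Secure Boot disabled, and one unknown binary next to the shim."""
    tmp = Path(tempfile.mkdtemp())
    efivars, ubuntu = tmp / "efivars", tmp / "esp" / "EFI" / "ubuntu"
    efivars.mkdir()
    ubuntu.mkdir(parents=True)
    for name in ("SecureBoot", "SetupMode"):   # attributes 6 = BS|RT, data byte 0
        (efivars / f"{name}-{EFI_GLOBAL_GUID}").write_bytes(struct.pack("<I", 6) + b"\x00")
    trusted = b"constructed stand-in for a distribution-signed shimx64.efi"
    (ubuntu / "shimx64.efi").write_bytes(trusted)
    (ubuntu / "bootkit.efi").write_bytes(b"constructed stand-in for an unknown boot binary")
    return secure_boot_status(efivars), unexpected_esp_binaries(tmp / "esp", {hashlib.sha256(trusted).hexdigest()})
```

On a live host, call secure_boot_status() with the default efivarfs path and unexpected_esp_binaries("/boot/efi", allowlist); anything other than "enforcing" plus an empty list is worth a closer look.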
Even so, it is very dangerous. The discovery shows that attackers are bringing to Linux a sophistication in malware development that was previously limited to Windows. One of the latest UEFI bootkits for Windows, ‘BlackLotus’, was even able to bypass Windows Secure Boot. A UEFI bootkit of this kind is installed in the device’s firmware, gives full control over the operating system boot process, and makes it possible to disable OS-level security mechanisms and deploy arbitrary payloads at startup with administrative privileges.
Bootkitty’s limited impact aside, BlackLotus is a good example of what might eventually reach Linux. It also confirms the growing adoption of the free system, especially in companies, which does not go unnoticed by cybercriminals.
Source: Muy Computer
Donald Salinas is an experienced automobile journalist and writer for Div Bracket. He brings his readers the latest news and developments from the world of automobiles, offering a unique and knowledgeable perspective on the latest trends and innovations in the automotive industry.