#bootkitty

This week's Linux and FOSS news:

LINUX NEWS

elementary OS 8 released with new Wayland session (called Secure session) with prompts to give programs certain permissions, new Dock, Flathub out-of-the-box, new quick settings, system updates via system settings, option to conceal text on screenshots:
news.itsfoss.com/elementary-os
(The prompting for permission thing is pretty unique on Linux. I know some nerds will call it "phone approach" because mobile OSes do the same but I don't think it's necessarily bad. I'm personally satisfied with the regular approach to open Flatseal to control permissions after I download a program, but for many people the prompting approach is probably more efficient because they don't have to think about going to Flatseal first, yet they can still prevent some unnecessary access for programs.)

NixOS 24.11 released with GNOME 47, KDE Plasma 6.2, PipeWire by default, Nix 2.24 package manager, improved support for Darwin into Nixpkgs, support for LLVM 19 compiler etc.:
9to5linux.com/nixos-24-11-rele

Armbian 24.11 released with support for OrangePi5 Max, Radxa ROCK 5B+ and many more devices:
9to5linux.com/armbian-24-11-re

First UEFI bootkit for Linux, Bootkitty, is discovered:
news.itsfoss.com/bootkitty-lin
(Remember, no system is 100% secure, including Linux)
(It's currently a proof-of-concept, but regardless it's better to be aware of it, update your system regularly, and keep Secure Boot enabled if your distro supports it, to be protected against these types of attacks in the future.)

Cinnamon 6.4 released with new default theme, built-in Night Light feature, Power Profile options, updated applets etc.:
9to5linux.com/cinnamon-6-4-des

KDE Plasma 6.2.4 released with re-enabled HDR mode for NVIDIA 565 and Linux 6.11 users, various bug fixes, improvements:
9to5linux.com/kde-plasma-6-2-4

Ubuntu Touch OTA-7 released with PulseAudio security fixes:
9to5linux.com/ubuntu-touch-ota

(FOSS news in reply)

It's FOSS News · elementary OS 8 is Finally Here for its Hardcore Fans · elementary OS 8 is a modest upgrade with nifty features. Would you like it? Take a look at what it offers.

A rootkit is a piece of malware that runs in the deepest regions of the operating system it infects.
It leverages this strategic position to hide information about its presence from the operating system itself.
A bootkit, meanwhile, is malware that infects the boot-up process in much the same way.
Bootkits for the UEFI—short for Unified Extensible Firmware Interface—lurk in the chip-resident firmware that runs each time a machine boots.
These sorts of bootkits can persist indefinitely, providing a stealthy means for backdooring the operating system even before it has fully loaded and enabled security defenses such as antivirus software.
The newly discovered #Bootkitty suggests threat actors may be actively developing a Linux version of the same sort of unkillable bootkit that previously was found only targeting Windows machines.
“Whether a proof of concept or not, Bootkitty marks an interesting move forward in the UEFI threat landscape,
breaking the belief about modern UEFI bootkits being Windows-exclusive threats,” ESET researchers wrote.
“Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems,
it emphasizes the necessity of being prepared for potential future threats.”

arstechnica.com/security/2024/

Ars Technica · Found in the wild: The world’s first unkillable UEFI bootkit for Linux · By Dan Goodin