{"id":130904,"date":"2024-11-28T04:05:17","date_gmt":"2024-11-27T21:05:17","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=130904"},"modified":"2024-11-28T04:05:17","modified_gmt":"2024-11-27T21:05:17","slug":"found-in-the-wild-the-worlds-first-unkillable-uefi-bootkit-for-linux","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=130904","title":{"rendered":"Found in the wild: The world\u2019s first unkillable UEFI bootkit for Linux"},"content":{"rendered":"<p> <script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<\/p>\n<div>\n<p>Over the past decade, a new class of infections has threatened Windows users. By infecting the firmware that runs immediately before the operating system loads, these UEFI bootkits continue to run even when the hard drive is replaced or reformatted. Now the same type of chip-dwelling malware has been found in the wild for backdooring Linux machines.<\/p>\n<p>Researchers at security firm ESET said Wednesday that Bootkitty\u2014the name unknown threat actors gave to their Linux bootkit\u2014was uploaded to VirusTotal earlier this month. Compared to its Windows cousins, Bootkitty is still relatively rudimentary, containing imperfections in key under-the-hood functionality and lacking the means to infect all Linux distributions other than Ubuntu. That has led the company researchers to suspect the new bootkit is likely a proof-of-concept release. To date, ESET has found no evidence of actual infections in the wild.<\/p>\n<figure class=\"ars-wp-img-shortcode id-2063980 align-fullwidth\">\n<div>\n                        <img width=\"630\" height=\"163\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/11\/bootkitty-ascii-logo.png\" class=\"fullwidth full\" alt=\"\" decoding=\"async\" loading=\"lazy\"\/>\n                  <\/div><figcaption>\n<div class=\"caption font-impact mb-4 mt-2 inline-flex flex-row items-stretch gap-1 text-base leading-tight text-gray-300\">\n<p>\n      The ASCII logo that Bootkitty is capable of rendering.<\/p>\n<p>              <span class=\"caption-credit mt-2 text-xs\"><br \/>\n          Credit:<\/p>\n<p>          ESET<\/p>\n<p>                  <\/span>\n          <\/p>\n<\/p><\/div>\n<\/figcaption><\/figure>\n<h2>Be prepared<\/h2>\n<p>Still, Bootkitty suggests threat actors may be actively developing a Linux version of the same sort of unkillable bootkit that previously was found only targeting Windows machines.<\/p>\n<p>\u201cWhether a proof of concept or not, Bootkitty marks an interesting move forward in the UEFI threat landscape, breaking the belief about modern UEFI bootkits being Windows-exclusive threats,\u201d ESET researchers <a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/bootkitty-analyzing-first-uefi-bootkit-linux\/\">wrote<\/a>. \u201cEven though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems, it emphasizes the necessity of being prepared for potential future threats.\u201d<\/p>\n<p>A rootkit is a piece of malware that runs in the deepest regions of the operating system it infects. It leverages this strategic position to hide information about its presence from the operating system itself. A bootkit, meanwhile, is malware that infects the boot-up process in much the same way. Bootkits for the UEFI\u2014short for <a href=\"https:\/\/en.wikipedia.org\/wiki\/Unified_Extensible_Firmware_Interface\">Unified Extensible Firmware Interface<\/a>\u2014lurk in the chip-resident firmware that runs each time a machine boots. These sorts of bootkits can persist indefinitely, providing a stealthy means for backdooring the operating system even before it has fully loaded and enabled security defenses such as antivirus software.<\/p>\n<p>The bar for installing a bootkit is high. An attacker first must gain administrative control of the targeted machine, either through physical access while it\u2019s unlocked or somehow exploiting a critical vulnerability in the OS. Under those circumstances, attackers already have the ability to install OS-resident malware. Bootkits, however, are much more powerful since they (1) run before the OS does and (2) are, at least practically speaking, undetectable and unremovable.<\/p>\n<\/p><\/div>\n<p><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<br \/><div data-type=\"_mgwidget\" data-widget-id=\"1660802\">\r\n<\/div>\r\n<script>(function(w,q){w[q]=w[q]||[];w[q].push([\"_mgc.load\"])})(window,\"_mgq\");\r\n<\/script>\r\n<br \/>\n<br \/><a href=\"https:\/\/arstechnica.com\/security\/2024\/11\/found-in-the-wild-the-worlds-first-unkillable-uefi-bootkit-for-linux\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Over the past decade, a new class of infections has threatened Windows users. By infecting the firmware that runs immediately before the operating system loads, these UEFI bootkits continue to &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=130904\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-130904","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/130904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=130904"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/130904\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=130904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=130904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=130904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}