Bootkitty, a recently discovered boot-level UEFI rootkit for Linux, was evidently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI).
The bootkit, found and analyzed by researchers from antivirus vendor ESET last week, showed signs of being a proof of concept rather than production-ready malware. Nevertheless, the prototype, which ESET described as the first-ever UEFI bootkit for Linux, could be used as inspiration for attackers who until now have developed UEFI bootkits only for Windows, at least as far as it’s publicly known.
“We believe this bootkit is merely an initial proof of concept, and based on our telemetry, it has not been deployed in the wild,” the ESET researchers wrote in their original report. “That said, its existence underscores an important message: UEFI bootkits are no longer confined to Windows systems alone.”
