ESET Discovers a Prototype UEFI Bootkit that Targets Specific Ubuntu Linux Configuration

ESET’s malware research team reported the discovery of a prototype UEFI bootkit targeting specific configurations of Ubuntu Linux. The bootkit was identified when an unknown UEFI application named “bootkit.efi” was uploaded to VirusTotal in November 2024. It is designed to modify the Linux kernel so that unsigned kernel modules can load, bypassing security measures like UEFI Secure Boot.

During their investigation, the ESET team also found an unsigned kernel module that appears to be related to the bootkit. This module shows signs that it may have been developed by the same author(s). It deploys an ELF binary responsible for loading an additional kernel module. ESET described this related kernel module, BCDropper, as exhibiting rootkit-like behavior.

Read more: ESET Flags Prototype UEFI Bootkit Targeting Linux
