‘Bootkitty’ First Bootloader to Take Aim at Linux
by Jai Vijayan
DarkReading
December 2, 2024
https://www.darkreading.com/cyber-risk/bootkitty-first-bootloader-target-linux-systems
| Notes |
|---|
| Secure Boot |
| Linux Malware |
| Bootkitty |
| bootloader |
| malware |
| proof of concept |
| Korea |
| cybersecurity |
| LogoFAIL |
| UEFI |
| Binarly Research |
| persistence |
| https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/ |
| BlackLotus |
| FinSpy |
| Windows |
| ELF |
| init process |
| preload |
| ESET |
| Martin Smolar, Peter Strycek |
| Binarly |
| CVE-2023-40238 |
| shellcode |
| bitmap image (BMP) |
| Lenovo |
| Fujitsu |
| HP |
| Acer |
| https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux |
| bootloaders are often overlooked by defenders |
| CVE-2022-2189 – Baton Drop |
| CVE-2023-24932 |
| CISA |
| Microsoft |
| PKI |
| GRUB |
| ASCII art |
| VirusTotal |