Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels

Cybersecurity researchers recently identified the first Unified Extensible Firmware Interface (UEFI) bootkit built to target Linux systems. Its authors, who call themselves BlackCat, released it as a proof of concept rather than for use in real attacks, and uploaded it to the VirusTotal scanning service on November 5, 2024.

The bootkit, named Bootkitty, is designed to slip past the checks a computer runs to confirm that what it is about to execute can be trusted. That's a big deal: bootkits like this have so far only gone after Windows machines, and now Linux is in the crosshairs too.

Bootkitty's job is to switch off the system's integrity checks on its critical components and then sneak two as-yet-unknown programs into the boot process right as the machine starts up. To do that it has to get past the kernel's signature verification feature, which works like a bouncer making sure everything checks out before it is let in.

But here's the catch: on a machine with UEFI Secure Boot turned on, the bootkit won't work unless the attackers have already installed their own certificate. Think of it as needing a fake ID to get into the club.

The bootkit is crafty in other ways too. It doesn't stop at the bouncer: it also tampers with the way the computer unpacks files so it can slip its own malicious code in, and it tweaks other settings so that additional malicious modules can load without being caught.
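The two defences the article keeps coming back to are Secure Boot (the bootkit is blocked unless an attacker's certificate is enrolled) and the kernel's signature checks on what gets loaded. The script below is an added example, not code from the article or from ESET: it reads the real UEFI SecureBoot/SetupMode variables from efivarfs and the kernel's lockdown and module-signature state from sysfs, and reports which of those protections is missing. The `root` parameter is only there so the same logic can run against constructed sample files.

```python
from pathlib import Path

# EFI global-variable GUID (real value): SecureBoot-<GUID> lives in efivarfs.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

def efivar_byte(root, name):
    """efivarfs files hold 4 attribute bytes followed by the data; SecureBoot
    and SetupMode carry one data byte. Returns None if the variable is absent."""
    p = Path(root) / f"sys/firmware/efi/efivars/{name}-{EFI_GLOBAL}"
    if not p.is_file():
        return None
    data = p.read_bytes()
    return data[4] if len(data) >= 5 else None

def read_text(root, rel):
    p = Path(root) / rel
    return p.read_text().strip() if p.is_file() else None

def lockdown_mode(text):
    """/sys/kernel/security/lockdown reads like 'none [integrity] confidentiality';
    the bracketed word is the active mode."""
    for tok in (text or "").split():
        if tok.startswith("[") and tok.endswith("]"):
            return tok[1:-1]
    return None

def boot_integrity_report(root="/"):
    """`root` is a parameter only so the same logic can run on sample files."""
    sb = efivar_byte(root, "SecureBoot")
    setup = efivar_byte(root, "SetupMode")
    mode = lockdown_mode(read_text(root, "sys/kernel/security/lockdown"))
    sig = read_text(root, "sys/module/module/parameters/sig_enforce")
    findings = []
    if sb != 1:
        findings.append("Secure Boot off or unreadable: unsigned boot code can run")
    if setup == 1:
        findings.append("firmware in Setup Mode: the key database can be rewritten")
    if mode in (None, "none"):
        findings.append("kernel lockdown off: the running kernel can be modified")
    if sig != "Y":
        findings.append("module signature enforcement off: unsigned modules can load")
    return {"secure_boot": sb == 1, "setup_mode": setup == 1,
            "lockdown": mode, "sig_enforce": sig == "Y", "findings": findings}

if __name__ == "__main__":
    for line in boot_integrity_report()["findings"] or ["no findings"]:
        print(line)
```

A clean report still does not cover the certificate case the article describes: which keys are enrolled in the firmware db and in the machine owner key list has to be reviewed separately.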

The ESET researchers who found it also came across a related component called BCDropper. It can plant a new, hidden program on the machine that does spy-like things: hiding files and processes and opening secret doors (network ports) without the user knowing. So far, none of it appears to be linked to any major ransomware gang.

So even though Bootkitty is only a proof of concept for now, it matters because it shows that these boot-level threats are no longer a Windows-only problem. It's a wake-up call to get ready for whatever comes next.