Bootkitty: First UEFI Bootkit Targeting Linux

Security researchers at ESET have discovered Bootkitty, the first known UEFI bootkit that targets Linux. This is clear evidence that UEFI bootkits are no longer confined to Windows systems and that UEFI firmware-based attacks are expanding in reach and scope.

Bootkitty is signed with a self-signed certificate and is therefore not capable of running on systems that have UEFI Secure Boot enabled. However, in what is perhaps another first, there is evidence that a previously discovered UEFI exploit dubbed LogoFAIL is being used as a precursor to disable Secure Boot and thus pave the way for Bootkitty to be installed. This is a clear example of one UEFI exploit (LogoFAIL) being used to enable another (Bootkitty) and may be a harbinger of a sophisticated attack strategy that will be employed by emerging threat actors.
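As an added defender-side example (not from the original post or from ESET's research), the script below reports whether a Linux host actually has Secure Boot enforcing, the condition the post says blocks Bootkitty. It reads the standard UEFI SecureBoot and SetupMode variables through efivarfs; the sample byte strings in the `__main__` block are constructed, and the "setup-mode" classification is an assumption that a host whose key databases are still writable should be treated as not enforcing.

```python
"""Report whether UEFI Secure Boot is enforcing on this Linux host.

A bootkit signed only with a self-signed certificate cannot load while
Secure Boot is enforcing, so a host that reports "disabled" or
"setup-mode" is the one to investigate.  Variable names and the GUID
are the standard UEFI global-variable ones.
"""
from __future__ import annotations
import os
import struct
from typing import Optional, Tuple

EFIVARS = "/sys/firmware/efi/efivars"
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def parse_efivar(raw: bytes) -> Tuple[int, bytes]:
    """Split an efivarfs file into its 4-byte attribute word and the payload."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def secure_boot_state(secureboot_raw: Optional[bytes],
                      setupmode_raw: Optional[bytes]) -> str:
    """Classify the boot environment: enforcing, disabled, setup-mode, not-uefi."""
    if secureboot_raw is None:
        return "not-uefi"          # no SecureBoot variable: legacy BIOS or no efivarfs
    _, sb = parse_efivar(secureboot_raw)
    sm = parse_efivar(setupmode_raw)[1] if setupmode_raw else b"\x00"
    if sm[:1] == b"\x01":
        return "setup-mode"        # key databases writable: signatures not enforced
    return "enforcing" if sb[:1] == b"\x01" else "disabled"


def read_var(name: str) -> Optional[bytes]:
    """Read a UEFI global variable from efivarfs, or None if it is absent."""
    try:
        with open(os.path.join(EFIVARS, f"{name}-{EFI_GLOBAL_GUID}"), "rb") as fh:
            return fh.read()
    except FileNotFoundError:
        return None


def host_state() -> str:
    return secure_boot_state(read_var("SecureBoot"), read_var("SetupMode"))


if __name__ == "__main__":
    # Constructed sample: attributes 0x06 (BS|RT), SecureBoot=1, SetupMode=0.
    print("sample:", secure_boot_state(b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00"))
    print("this host:", host_state())
```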
