This is not the type of kitty you want on your system, especially when it is still in its development stage.
It goes by several different names; let's step through the article to see what is going on here.

Just so everyone knows, the malware goes by several names.
The recently uncovered ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaw, tracked as CVE-2023-40238, to target computers running on vulnerable firmware.
This is confirmed by firmware security firm Binarly, which discovered LogoFAIL in November 2023 and warned about its potential to be used in actual attacks.
I had never heard anything about this until now.
Bootkitty was discovered by ESET, who published a report last week, noting that it is the first UEFI bootkit specifically targeting Linux. However, at this time, it is more of an in-development UEFI malware that only works on specific Ubuntu versions, rather than a widespread threat.
The short version of LogoFAIL is that it is triggered through a BMP image file: a malformed BMP handed to the firmware's image parser.
LogoFAIL is a set of flaws in the image-parsing code of UEFI firmware images used by various hardware vendors, exploitable by malicious images or logos planted on the EFI System Partition (ESP).
“When these images are parsed during boot, the vulnerability can be triggered and an attacker-controlled payload can arbitrarily be executed to hijack the execution flow and bypass security features like Secure Boot, including hardware-based Verified Boot mechanisms,” explained Binarly previously.
The article makes the exact process clear, but it includes something I have never seen before: shellcode within the BMP file itself.
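As an added, defensive example (not code from the article, ESET or Binarly): a small Python triage check that flags BMP files whose headers disagree with the bytes actually present, the kind of inconsistency a boot-time image parser is expected to reject rather than trust. It assumes the standard BITMAPFILEHEADER/BITMAPINFOHEADER layout and a plausibility cap on logo size; the sample images are constructed in the block.

```python
import struct

FILE_HDR = struct.Struct("<2sIHHI")       # magic, file size, reserved, reserved, pixel offset
INFO_HDR = struct.Struct("<IiiHHIIiiII")  # BITMAPINFOHEADER (40 bytes)
HDR_LEN = FILE_HDR.size + INFO_HDR.size   # 54 bytes of headers before pixel data

def check_bmp(data: bytes, max_pixels: int = 4096 * 4096) -> list:
    """Return the header/size inconsistencies found in a BMP (empty list = plausible).

    Heuristic triage only, not a parser-bug oracle: the assumption is that a logo whose
    declared geometry does not match the bytes actually present deserves a closer look.
    """
    issues = []
    if len(data) < HDR_LEN:
        return ["file shorter than BMP headers"]
    magic, file_size, _, _, pix_off = FILE_HDR.unpack_from(data, 0)
    hdr_size, width, height, planes, bpp, comp, *_ = INFO_HDR.unpack_from(data, FILE_HDR.size)
    if magic != b"BM":
        issues.append("bad magic")
    if hdr_size < INFO_HDR.size:
        issues.append("info header smaller than BITMAPINFOHEADER")
    if file_size != len(data):
        issues.append(f"declared size {file_size} != actual {len(data)}")
    if width <= 0 or height == 0:            # negative height (top-down rows) is legal
        issues.append("non-positive dimensions")
    elif width * abs(height) > max_pixels:
        issues.append("dimensions implausible for a boot logo")
    if planes != 1 or bpp not in (1, 4, 8, 16, 24, 32):
        issues.append(f"unsupported planes/bpp {planes}/{bpp}")
    if pix_off < FILE_HDR.size + hdr_size or pix_off > len(data):
        issues.append("pixel data offset points outside the file")
    elif comp == 0 and width > 0 and bpp in (1, 4, 8, 16, 24, 32):
        stride = ((width * bpp + 31) // 32) * 4  # uncompressed rows are padded to 4 bytes
        if pix_off + stride * abs(height) > len(data):
            issues.append("declared geometry needs more pixel bytes than the file holds")
    return issues

def build_bmp(width: int, height: int, bpp: int = 24) -> bytes:
    """Construct a minimal, well-formed uncompressed BMP (test data only)."""
    stride = ((width * bpp + 31) // 32) * 4
    pixels = bytes(stride * height)
    info = INFO_HDR.pack(INFO_HDR.size, width, height, 1, bpp, 0, len(pixels), 2835, 2835, 0, 0)
    return FILE_HDR.pack(b"BM", HDR_LEN + len(pixels), 0, 0, HDR_LEN) + info + pixels

# Constructed samples: a sane 4x2 logo, and the same bytes with the width field rewritten
# so the header promises far more pixel data than the file actually contains.
GOOD_LOGO = build_bmp(4, 2)
_buf = bytearray(GOOD_LOGO)
struct.pack_into("<i", _buf, FILE_HDR.size + 4, 1 << 20)  # width field sits 4 bytes into the info header
OVERSIZED_HEADER_LOGO = bytes(_buf)
```

Pointing `check_bmp` at every `.bmp` under a mounted ESP gives a quick first pass over logo images; anything it flags still needs manual review, and a clean result does not prove an image is benign.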


Read the entire article, “BootKitty UEFI malware exploits LogoFAIL to infect Linux systems”, for complete details. Have fun!