Monday, April 21, 2025

Researchers Discover “BootKitty,” First UEFI Bootkit Targeting Linux Systems

by Justin Erickson

Security researchers have uncovered “BootKitty,” the first known UEFI bootkit designed to target Linux systems. This sophisticated malware implants itself into the Unified Extensible Firmware Interface (UEFI), allowing it to persist beyond system reboots and evade traditional antivirus tools. BootKitty is still in its prototype stage. The bootkit cannot operate on Linux systems with Secure Boot enabled, as it relies on a self-signed certificate. For BootKitty to run on Secure Boot-protected systems, the attacker’s certificate would already need to be installed, limiting its potential impact on properly secured environments. Linux users are advised to ensure Secure Boot is enabled, keep firmware updated, and monitor for unusual system behavior to defend against this emerging threat.
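The advice above to confirm that Secure Boot is enabled can be checked directly from the firmware variables Linux exposes through efivarfs. The script below is an added example, not part of the original article: it reads the `SecureBoot` and `SetupMode` variables and reports the platform state. The function names and the temporary sample directory are constructed for illustration; the default path assumes efivarfs is mounted at `/sys/firmware/efi/efivars`.

```shell
#!/bin/sh
# Added example: report the UEFI Secure Boot state from efivarfs.
# GUID of EFI_GLOBAL_VARIABLE, as defined by the UEFI specification.
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# read_efi_flag DIR NAME -> prints the 1-byte value of a global EFI variable.
# efivarfs files begin with a 4-byte attribute field, so the data is byte 5.
read_efi_flag() {
    f="$1/$2-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || return 1
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

# secure_boot_state [DIR] -> prints one of:
#   enforcing   SecureBoot=1 and SetupMode=0
#   setup-mode  SetupMode=1: no Platform Key, keys can be enrolled unauthenticated
#   disabled    booted via UEFI, Secure Boot not enforced
#   unknown     variable missing (legacy BIOS boot or efivarfs not mounted)
secure_boot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    sb=$(read_efi_flag "$dir" SecureBoot) || { echo unknown; return 0; }
    setup=$(read_efi_flag "$dir" SetupMode) || setup=0
    if [ "$setup" = "1" ]; then
        echo setup-mode
    elif [ "$sb" = "1" ]; then
        echo enforcing
    else
        echo disabled
    fi
}

# Constructed sample: a fake efivars directory with Secure Boot enforced.
demo_dir=$(mktemp -d)
printf '\006\000\000\000\001' > "$demo_dir/SecureBoot-$EFI_GLOBAL_GUID"
printf '\006\000\000\000\000' > "$demo_dir/SetupMode-$EFI_GLOBAL_GUID"
echo "sample system:  $(secure_boot_state "$demo_dir")"
rm -rf "$demo_dir"

# The machine this script is running on.
echo "this system:    $(secure_boot_state)"
```

Any result other than `enforcing` means a bootloader signed with an untrusted certificate is not being rejected by firmware. On systems that boot through shim, `mokutil --list-enrolled` shows the Machine Owner Keys that are trusted in addition to the firmware's own key database.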
