• Linux devices are being hit by LogoFAIL vulnerability, Bootkitty

    From TechnologyDaily@1337:1/100 to All on Tue Dec 3 14:30:05 2024
    Linux devices are being hit by LogoFAIL vulnerability, Bootkitty installed

    Date:
    Tue, 03 Dec 2024 14:27:00 +0000

    Description:
    A year-old vulnerability is used to deploy a brand new bootkit for Linux, called Bootkitty.

    FULL STORY ======================================================================
    LogoFAIL, image parsing vulnerabilities on Linux and Windows, are being actively abused
    Researchers are saying crooks are installing Bootkitty, the first-ever Linux UEFI bootkit
    Bootkitty works on both Linux and Windows devices

    LogoFAIL, a string of vulnerabilities that allow threat actors to install malware at boot level, is now actively being abused in the wild. This is according to a new report from cybersecurity researchers Binarly.

    Discovered roughly a year ago, LogoFAIL is a group of vulnerabilities that allow malicious actors to replace the logo image displayed on Windows and Linux devices during the boot process.

    The replaced images can contain malicious code that the device will run, and since the code is installed on boot, before the OS or any antivirus programs, most cybersecurity programs cannot detect or remove it.

    Purely theoretical

    In fact, even reinstalling the operating system, or replacing the hard drive, will not help. The malware installed this way is generally called UEFI bootkits, since they target the Unified Extensible Firmware Interface (UEFI), responsible for initializing hardware and launching the operating system.

    When it was first discovered, LogoFAIL was deemed purely theoretical, as no active exploits, or code, were seen in the wild. However, Binarly now says that things have changed, and that it observed LogoFAIL being used to deploy Bootkitty.

    Bootkitty was first observed, and reported, late last week. It is the first malware of its kind, since it targets Linux devices. Spotted by researchers from ESET, the malware was described as an early development stage version.

    Bootkitty relies on a self-signed certificate, which means it won't run on systems with Secure Boot enabled - therefore, it can only target some Ubuntu distributions.
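    Because the bootkit is self-signed, the practical defender's check that follows from this paragraph is whether Secure Boot is actually enforcing on a given Linux host. The script below is an added example for this post, not code from the article, TechRadar, Binarly or ESET. It reads the two relevant EFI global variables (SecureBoot and SetupMode, both under the EFI_GLOBAL_VARIABLE GUID) through the efivarfs mount, which is assumed to be at the usual path /sys/firmware/efi/efivars; the parsing function is also exercised on constructed byte strings so it runs on hosts without efivars.

```python
"""Report whether UEFI Secure Boot is enforcing on this Linux host.

Added example (not from the article or the cited researchers). Firmware
exposes the state through two boolean EFI variables. efivarfs prepends a
4-byte little-endian attribute word to each variable's payload, so a
boolean variable is exactly 5 bytes on disk. Secure Boot only enforces
signature checks when SecureBoot == 1 AND SetupMode == 0; in setup mode
the key databases are open and nothing is enforced.
"""
from pathlib import Path
from typing import Optional

# GUID of the EFI global variable namespace (EFI_GLOBAL_VARIABLE).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Assumed efivarfs mount point (standard on modern Linux distributions).
EFIVARS_DIR = Path("/sys/firmware/efi/efivars")


def parse_efivar_bool(data: bytes) -> Optional[bool]:
    """Decode a one-byte boolean EFI variable as exposed by efivarfs.

    Returns None if the payload is truncated (less than attribute word + 1 byte).
    """
    if len(data) < 5:
        return None
    return data[4] == 1


def read_efivar(name: str, base: Path = EFIVARS_DIR) -> Optional[bytes]:
    """Return the raw contents of <name>-<GUID>, or None if it cannot be read
    (legacy BIOS boot, efivarfs not mounted, or insufficient permissions)."""
    path = base / f"{name}-{EFI_GLOBAL_GUID}"
    try:
        return path.read_bytes()
    except OSError:
        return None


def secure_boot_status(secure_boot: Optional[bytes],
                       setup_mode: Optional[bytes]) -> str:
    """Classify firmware state from the two raw variable payloads.

    "enforcing"  - SecureBoot=1, SetupMode=0: self-signed loaders are refused
    "setup-mode" - SetupMode=1: key databases open, nothing enforced
    "disabled"   - SecureBoot=0
    "unknown"    - SecureBoot variable absent or unreadable
    """
    sb = parse_efivar_bool(secure_boot) if secure_boot is not None else None
    sm = parse_efivar_bool(setup_mode) if setup_mode is not None else None
    if sb is None:
        return "unknown"
    if sm:
        return "setup-mode"
    return "enforcing" if sb else "disabled"


def check_host() -> str:
    """Read the live variables from efivarfs and classify the host."""
    return secure_boot_status(read_efivar("SecureBoot"), read_efivar("SetupMode"))


if __name__ == "__main__":
    # Constructed sample payloads: attribute word 0x06 (BS|RT access) + value byte.
    sample_enforcing = (b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00")
    sample_setup = (b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x01")
    print("constructed sample 1:", secure_boot_status(*sample_enforcing))  # enforcing
    print("constructed sample 2:", secure_boot_status(*sample_setup))      # setup-mode
    print("this host:", check_host())
```

    A host reporting anything other than "enforcing" is one on which a self-signed bootkit of the kind described here would be allowed to run; "unknown" usually means the machine booted in legacy BIOS mode or the script lacks permission to read efivars.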

    Furthermore, the use of hardcoded byte patterns, and the fact that the best patterns for covering multiple kernel or GRUB versions were not used, mean that the bootkit cannot be widely distributed. Finally, Bootkitty comes with many unused functions and does not have kernel-version checks, which often results in system crashes.

    In any case, the finding marks an important moment in the development and destructive potential of UEFI bootkits.

    Via Ars Technica



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/linux-devices-are-being-hit-by-logofail-vulnerability-bootkitty-installed


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)