By infecting the firmware that runs immediately before the operating system loads, these UEFI bootkits continue to run even when the hard drive is replaced or reformatted. Now the same type of chip-dwelling malware has been found in the wild for backdooring Linux machines.

Bootkitty doesn’t bite… yet Security researchers say they've stumbled upon the first-ever UEFI bootkit targeting Linux, illustrating a key moment in the evolution of such tools.… Dubbed "Bootkitty" by Slovak security shop ESET,

The first UEFI bootkit specifically targeting Linux systems has been discovered, marking a shift in stealthy and hard-to-remove bootkit threats that previously focused on Windows.

ESET researchers have uncovered a prototype UEFI bootkit targeting Ubuntu Linux, marking an expansion of bootkit attacks beyond Windows.

ESET's discovery of the first UEFI bootkit designed for Linux sendss an important message: UEFI bootkits are no longer confined to Windows systems alone.

Cybersecurity researchers have discovered “Bootkitty,” possibly the first UEFI bootkit specifically designed to target Linux systems. This marks a significant shift in the UEFI threat landscape, which previously focused exclusively on Windows-based attacks.

Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks. Also tracked as IranuKit, it was uploaded to the VirusTotal platform on November 5, 2024.

This appears to be the first UEFI bootkit that goes beyond Windows and targets Linux machines, according to ESET security researchers.