Bootkitty UEFI bootkit origins, integrated exploit uncovered


SecurityWeek reports that the novel Bootkitty UEFI bootkit prototype aimed at Ubuntu Linux machines, whose samples were initially discovered by ESET researchers in VirusTotal, was found to have been developed by researchers who are part of the South Korea Information Technology Research Institute’s Best of the Best academic program.

Moreover, Bootkitty has been integrated with a manipulated BMP file that exploits a LogoFAIL-related vulnerability, tracked as CVE-2023-40238, to circumvent the defenses provided by Secure Boot, compromise UEFI image parsing routines, and execute malicious bootloaders, according to a separate report from Binarly. “By leveraging flaws in image parsing during system boot, attackers have developed a sophisticated mechanism to bypass Secure Boot protection,” said the report. The development comes months after the leak of the source code for the BlackLotus UEFI bootkit for Windows, which was reported to have included capabilities for evading user access control and Secure Boot and for deactivating security apps and defenses.
