#rootkit

waynerad@diasp.org

The first UEFI bootkit designed for Linux systems (named Bootkitty by its creators) has been discovered.

UEFI (which stands for Unified Extensible Firmware Interface) is a modern replacement for the BIOS, the first code that runs when a computer is turned on. Its job is to load the operating system. Starting from version 2 of UEFI, cryptography is incorporated to enforce security on this whole bootstrap process.

A rootkit is a piece of malware that infects and replaces part of the operating system in such a way as to conceal itself. If that rootkit is in the boot record that the BIOS or now UEFI system uses to bootstrap the operating system, it's called a bootkit. Such bootkits can do things like defeat disk encryption because they are bootstrapped before the disk encryption system is bootstrapped and running. When the full OS is bootstrapped the bootkit can run in kernel mode with full OS privileges. In this position it can intercept anything including encryption keys and passwords.

"The bootkit's main goal is to disable the kernel's signature verification feature and to preload two as yet unknown ELF binaries via the Linux init process (which is the first process executed by the Linux kernel during system startup). During our analysis, we discovered a possibly related unsigned kernel module -- with signs suggesting that it could have been developed by the same author(s) as the bootkit -- that deploys an ELF binary responsible for loading yet another kernel module unknown during our analysis."

ELF stands for Executable and Linkable Format and is a file format for executable code on Linux systems.

"Bootkitty is signed by a self-signed certificate, thus is not capable of running on systems with UEFI Secure Boot enabled unless the attackers' certificates have been installed."

"Bootkitty is designed to boot the Linux kernel seamlessly, whether UEFI Secure Boot is enabled or not, as it patches, in memory, the necessary functions responsible for integrity verification before GRUB is executed."

"bootkit.efi contains many artifacts suggesting this is more like a proof of concept than the work of an active threat actor."

Bootkitty: Analyzing the first UEFI bootkit for Linux

#solidstatelife #cybersecurity #rootkit
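The quoted caveat ("unless the attackers' certificates have been installed") is the defender's check: a self-signed bootkit only boots under Secure Boot if its certificate has been enrolled in the firmware's `db` allow list. As an added example, not code from the original post or from ESET's analysis, the following Python parses the `db` variable format (a concatenation of EFI_SIGNATURE_LIST structures, as defined in the UEFI specification) and flags any enrolled X.509 certificate or hash that is not on a known-good list. The sample blob, the owner GUID and the allow list are constructed placeholders; the "certificates" are opaque bytes rather than real DER.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification (EFI_SIGNATURE_LIST.SignatureType).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

# Fixed header of EFI_SIGNATURE_LIST: GUID (16) + three UINT32 size fields (12).
SIGLIST_HEADER = 28


def parse_signature_lists(blob: bytes):
    """Parse concatenated EFI_SIGNATURE_LIST structures (raw content of db/dbx/KEK).

    Returns a list of (signature_type, owner_guid, signature_data) tuples.
    Every length field is checked against the buffer, so a truncated or
    inconsistent variable raises instead of being silently misread.
    """
    entries = []
    off = 0
    while off < len(blob):
        if off + SIGLIST_HEADER > len(blob):
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, header_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        body = off + SIGLIST_HEADER + header_size
        if list_size < SIGLIST_HEADER or end > len(blob) or body > end:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        # EFI_SIGNATURE_DATA = SignatureOwner GUID (16) + SignatureData; every entry in
        # one list shares the same SignatureSize, so the body must divide evenly.
        if sig_size < 16 or (end - body) % sig_size != 0:
            raise ValueError("inconsistent SignatureSize")
        while body < end:
            owner = uuid.UUID(bytes_le=blob[body:body + 16])
            entries.append((sig_type, owner, blob[body + 16:body + sig_size]))
            body += sig_size
        off = end
    return entries


def build_signature_list(sig_type, owner, signatures):
    """Serialise one EFI_SIGNATURE_LIST; used here only to construct sample input."""
    sig_size = 16 + len(signatures[0])
    if any(len(s) + 16 != sig_size for s in signatures):
        raise ValueError("all signatures in one list must have the same size")
    out = sig_type.bytes_le + struct.pack(
        "<III", SIGLIST_HEADER + sig_size * len(signatures), 0, sig_size)
    for s in signatures:
        out += owner.bytes_le + s
    return out


def read_efivar(path):
    """Read a variable from efivarfs; the first 4 bytes are variable attributes, not data."""
    with open(path, "rb") as f:
        return f.read()[4:]


def audit_db(blob, trusted):
    """Classify every db entry as known (fingerprint on the allow list) or UNEXPECTED."""
    findings = []
    for sig_type, owner, sig in parse_signature_lists(blob):
        if sig_type == EFI_CERT_X509_GUID:
            kind, value = "x509", hashlib.sha256(sig).hexdigest()  # DER fingerprint
        elif sig_type == EFI_CERT_SHA256_GUID:
            kind, value = "sha256", sig.hex()
        else:
            kind, value = "other", sig.hex()
        status = "known" if value in trusted else "UNEXPECTED"
        findings.append({"kind": kind, "owner": str(owner), "value": value, "status": status})
    return findings


# Constructed sample: two fake "DER certificates" (opaque bytes, not real X.509) and one hash.
VENDOR_CERT = b"constructed-fake-DER-certificate-of-the-OEM"
ROGUE_CERT = b"constructed-fake-DER-certificate-enrolled-by-an-attacker"
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # placeholder SignatureOwner
HASH_ENTRY = hashlib.sha256(b"constructed-binary").digest()
SAMPLE_DB = (
    build_signature_list(EFI_CERT_X509_GUID, OWNER, [VENDOR_CERT])
    + build_signature_list(EFI_CERT_X509_GUID, OWNER, [ROGUE_CERT])
    + build_signature_list(EFI_CERT_SHA256_GUID, OWNER, [HASH_ENTRY])
)
# Allow list: fingerprints you expect in db (OEM/Microsoft/your own signing certs).
TRUSTED = {hashlib.sha256(VENDOR_CERT).hexdigest(), HASH_ENTRY.hex()}

if __name__ == "__main__":
    # On a live Linux system replace SAMPLE_DB with
    # read_efivar("/sys/firmware/efi/efivars/db-d719b2cb-3a3a-4596-a3bc-dad00e67656f").
    for f in audit_db(SAMPLE_DB, TRUSTED):
        print(f"{f['status']:10} {f['kind']:6} {f['value'][:16]}... owner={f['owner']}")
```

Run periodically (or from a boot-time integrity job) and alert on any UNEXPECTED entry; an extra X.509 entry in `db` is exactly the precondition under which a self-signed bootkit like the one described would pass Secure Boot. The same parser applies to `dbx`, `KEK` and `PK`, which use the identical structure.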

anonymiss@despora.de

Hackers exploited #Windows 0-day for 6 months after #Microsoft knew of it

Source: https://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/

Even after Microsoft patched the #vulnerability last month, the company made no mention that the North Korean threat group #Lazarus had been using the vulnerability since at least August to install a stealthy #rootkit on vulnerable computers. The vulnerability provided an easy and stealthy means for #malware that had already gained administrative system rights to interact with the Windows #kernel. Lazarus used the vulnerability for just that. Even so, Microsoft has long said that such admin-to-kernel elevations don’t represent the crossing of a security boundary, a possible explanation for the time Microsoft took to fix the vulnerability.

#software #news #security #cybercrime #bug #exploit #0day #fail #economy #problem #politics #hack #Hackers #trust #risk

aktionfsa@diasp.eu

Hackers with rootkits bearing valid Microsoft certificates

Hackers once again ahead in the cat-and-mouse game

Only recently we spoke out against hardware chips such as the Trusted Platform Module (TPM) in Windows 11, because such solutions can hinder, or even make impossible, the use of free and open software. Now there is a nice example showing that such "protective measures", e.g. those introduced with Windows Vista, under which code running in kernel mode must be tested and signed before release, do not always help either.

The above measure was introduced by Microsoft to prevent rootkits, malicious programs that lodge themselves in the kernel of the operating system, and for a while it was successful, since attacks by rootkits declined. Now they have reappeared.

As Heise reports, the security company Bitdefender has documented, for the second time in a few months, a rootkit named FivsSys that carries a valid digital signature issued by Microsoft through the WHQL certification process.

Thus hackers have twice managed to smuggle their drivers into Microsoft's certification process and get them signed. For now, Microsoft has revoked these certificates. But if the hackers have no trouble bypassing the internet giant's security requirements, further cases in which malware operates with valid digital signatures must be expected in the future.

More on this at https://www.heise.de/news/Die-Rueckkehr-der-Rootkits-signiert-von-Microsoft-6224944.html
Link to this page: https://www.aktion-freiheitstattangst.org/de/articles/7807-20211022-hacker-mit-rootkits-mit-gueltigen-microsoft-zertifikaten.htm
Link in the Tor network: http://a6pdp5vmmw4zm5tifrc3qo2pyz7mvnk4zzimpesnckvzinubzmioddad.onion/de/articles/7807-20211022-hacker-mit-rootkits-mit-gueltigen-microsoft-zertifikaten.htm
Tags: #Rootkit #Cyberwar #Hacking #Trojaner #Windows11 #Update #Teams #Office365 #TPM #Kontrolle #Überwachung #OpenSource #Linux #Scoring #Microsoft #Verbraucherdatenschutz #Datenschutz #Datensicherheit

anonymiss@despora.de

#Microsoft have signed multiple rootkits (which allow #kernel #drivers) and reach out to a remote #IP.

source: https://twitter.com/GossiTheDog/status/1405805536403243009


#Windows #security #backdoor #vulnerability #fail #privacy #problem #news #software #danger #warning #rootkit #malware