Nothingburger. It's a UEFI executable that sets itself as a default boot option and then crudely patches vmlinuz before boot. No security model is broken here. If UEFI secure boot is enabled it tries to get you to enrol its self-signed sig. Secure boot was specifically built to counter this attack.
RE: "unkillable" in your title, all it takes is just deleting the .efi file from your EFI partition. It's dangerous like all rootkits are: it can theoretically patch out any security routine & prepare itself for reinfection, but that's not novel & much harder than this (documented!!!) vulnerability.
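
A defender-side check of the behaviour the comment above describes, added here as an example and not part of the original comment: it parses `efibootmgr -v` output and flags active boot entries whose loader path is not on an allowlist, marking the one that is first in `BootOrder`. The sample output, the allowlist and the function names are constructed assumptions.

```python
import re

# Constructed sample of `efibootmgr -v` output (not from a real machine).
SAMPLE = """\
BootCurrent: 0003
Timeout: 1 seconds
BootOrder: 0003,0000,0001
Boot0000* ubuntu\tHD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x100000)/File(\\EFI\\ubuntu\\shimx64.efi)
Boot0001* UEFI: PXE IPv4\tPciRoot(0x0)/Pci(0x1c,0x0)/MAC(001122334455,0)/IPv4(0.0.0.0,0,0)
Boot0003* Linux\tHD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x100000)/File(\\EFI\\custom\\loader.efi)
"""

# Assumption: the loaders this machine is expected to boot (lowercase paths).
ALLOWED_LOADERS = {r"\efi\ubuntu\shimx64.efi", r"\efi\boot\bootx64.efi"}

ENTRY_RE = re.compile(r"^Boot([0-9A-Fa-f]{4})(\*?)\s+(.*)$")
FILE_RE = re.compile(r"File\(([^)]*)\)")


def parse(text):
    """Return (boot_order, entries) from efibootmgr -v text."""
    order, entries = [], {}
    for line in text.splitlines():
        if line.startswith("BootOrder:"):
            order = [n.strip().upper()
                     for n in line.split(":", 1)[1].split(",") if n.strip()]
            continue
        m = ENTRY_RE.match(line)
        if m:
            num, active, rest = m.groups()
            f = FILE_RE.search(rest)
            entries[num.upper()] = {
                "active": active == "*",
                "label": rest.split("\t")[0].strip(),
                "loader": f.group(1) if f else None,
            }
    return order, entries


def unexpected_loaders(text, allowed=ALLOWED_LOADERS):
    """List (num, label, loader, is_default) for active, non-allowlisted loaders."""
    order, entries = parse(text)
    findings = []
    for pos, num in enumerate(order):
        e = entries.get(num)
        if not e or not e["active"] or e["loader"] is None:
            continue  # dangling, disabled, or non-file entry such as PXE
        if e["loader"].lower() not in allowed:
            findings.append((num, e["label"], e["loader"], pos == 0))
    return findings
```

A path on the allowlist says nothing about the file's contents; that is the part Secure Boot signature verification covers.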