Cybersecurity researchers at ESET, an internet security company, announced that they have discovered a UEFI bootkit that is being sold online on different hacking forums for a whopping $5,000. This newly discovered bootkit is named BlackLotus, and it is capable of running on updated Windows 11 systems with UEFI Secure Boot enabled.
Recently, ESET researchers published a detailed analysis of BlackLotus, explaining why it is a significant threat to the victim’s computer. The researchers have confirmed that the bootkit they discovered in the wild is the same one peddled on hacking forums.
UEFI stands for Unified Extensible Firmware Interface, the firmware interface that replaces the legacy BIOS. UEFI initializes the hardware, manages the drivers it loads, and hands control to the operating system. The bootkit can install itself within the system firmware, giving it complete control over the system’s hardware.
BlackLotus is designed to evade any security measure that might detect its malicious activity. The bootkit hides itself behind multiple layers of obfuscation and maintains persistence on the infected system by hiding its data and using several techniques to stay invisible to security software.
It remains unclear how the BlackLotus bootkit is loaded onto the victim’s computer, but it is believed to arrive through targeted phishing campaigns or other malware.
Once installed, BlackLotus runs before the operating system starts, which lets it execute code during the boot process. The malware can also work alongside other malicious software and load plugins or extensions to avoid detection by security tools.
This is of major concern because it could give cybercriminals full control of the infected system, exposing sensitive data and enabling malicious activity without the victim’s knowledge. Remote attackers could use that access to exfiltrate data or even destroy the system.
The researchers at ESET urge victims and organizations to take extra precautions to ensure their systems are well protected from such threats. They recommend disabling UEFI firmware flashing, hardening the system security, and enabling Secure Boot to reduce the risk of such malware infections.
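The two recommendations that can be verified from the operating system are whether the machine booted in UEFI mode and whether Secure Boot is enabled. The PowerShell script below is an added example for checking that posture on a Windows host; it is not ESET’s code and is not part of the original article. It assumes an elevated PowerShell session on Windows 8 or later with UEFI firmware, and it uses only the built-in `Confirm-SecureBootUEFI` and `Get-SecureBootUEFI` cmdlets; the function name `Get-BootSecurityPosture` is our own.

```powershell
# Added example (not from the article or from ESET): report the boot-security
# posture the article's recommendations refer to. Run from an elevated
# PowerShell session on a UEFI-based Windows system.

function Get-BootSecurityPosture {
    $result = [ordered]@{
        FirmwareType      = $env:firmware_type   # "UEFI" or "Legacy", set by Windows at boot
        SecureBootEnabled = $null
        DbxSizeBytes      = $null                # size of the UEFI forbidden-signature list
        Notes             = @()
    }

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws
    # on legacy BIOS systems or when the session is not elevated.
    try {
        $result.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        $result.Notes += "Confirm-SecureBootUEFI failed: $($_.Exception.Message)"
    }

    # The dbx variable holds revoked boot-loader hashes and certificates; a very
    # small dbx usually means the revocation list has never been updated.
    try {
        $dbx = Get-SecureBootUEFI -Name dbx
        $result.DbxSizeBytes = $dbx.Bytes.Length
    } catch {
        $result.Notes += "Could not read the UEFI revocation list (dbx): $($_.Exception.Message)"
    }

    if ($result.FirmwareType -ne 'UEFI') {
        $result.Notes += 'System booted in legacy BIOS mode; Secure Boot is unavailable.'
    } elseif ($result.SecureBootEnabled -eq $false) {
        $result.Notes += 'Secure Boot is disabled; enable it in the firmware setup.'
    }

    [pscustomobject]$result
}

Get-BootSecurityPosture | Format-List
```

Secure Boot being enabled is necessary but, as the article itself notes, not sufficient against this bootkit, so the dbx size is reported as a prompt to confirm that firmware revocation updates have actually been applied.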
While it remains unclear how many systems have been compromised by this bootkit, it is essential to stay vigilant and keep all security measures up to date to protect against the rising threat of cyber attacks.
In conclusion, it is essential to remain aware of the latest security threats and take extra precautions to ensure that your systems remain safe from such attacks. The constant evolution of malware and the increasing sophistication of cybercriminals make it imperative to stay informed and always take security measures seriously.