Shulou(Shulou.com)11/24 Report--

CTOnews.com March 2 news, security researchers from ESET recently discovered a kind of malware that hijacked UEFI and named it BlackLotus. This malware is considered to be the first UEFI bootkit malware that can bypass Secure Boot on Win11 systems.

Once the device is infected with the malware, antivirus software such as Defender, Bitlocker, and HVCI is disabled on the Win11 system. The malware, which dates back to October 2022, was sold on hacker forums for $5000.

BlackLotus exploits a security vulnerability that has existed for more than a year (CVE-2022-21894) to bypass UEFI security startup and permanently embed itself in the computer.

Microsoft released an update in January 2022 to fix this vulnerability, but attackers can still exploit it because affected, validly signed installation files have not yet been added to the UEFI lock list.

BlackLotus can disable operating system security mechanisms such as BitLocker, HVCI, and Windows Defender. After installation, the main goal of malware is to install kernel drivers (which protect kernel drivers from being removed, etc.) and HTTP downloads.

CTOnews.com attached report original text: BlackLotus UEFI bootkit: Myth confirmed

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.