It's official: BlackLotus malware can bypass Secure Boot on Windows machines (Security News, March 2023)
BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.
Secure Boot is meant to stop Windows machines from running unauthorized software during boot.
In research published today, ESET malware analyst Martin Smolár says the myth of an in-the-wild bootkit bypassing Secure Boot "is now a reality," as opposed to the usual slew of fake ads by criminals attempting to scam their fellow miscreants.
The latest malware "is capable of running on even fully-up-to-date Windows 11 systems with UEFI Secure Boot enabled," he added.
BlackLotus exploits a vulnerability more than a year old, CVE-2022-21894, to bypass the Secure Boot process and establish persistence.
The bootkit research follows UEFI vulnerabilities in Lenovo laptops that ESET discovered last spring, which, among other things, allow attackers to disable Secure Boot.
News URL: https://go.theregister.com/feed/www.theregister.com/2023/03/01/blacklotus_malware_eset/
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
- New Windows Driver Signature bypass allows kernel rootkit installs
- Russia targets Ukrainian conscripts with Windows, Android malware
- New SteelFox malware hijacks Windows PCs using vulnerable driver
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus
- Microsoft plans to boot security vendors out of the Windows kernel
Related Vulnerability
| Date | CVE | Vulnerability title | Risk |
|---|---|---|---|
| 2022-01-11 | CVE-2022-21894 | Unspecified vulnerability in Microsoft products: Secure Boot Security Feature Bypass Vulnerability | 4.4 |