It's official: BlackLotus malware can bypass Secure Boot on Windows machines
BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.
Secure Boot is meant to stop Windows machines from running unauthorized software during startup.
In research published today, ESET malware analyst Martin Smolár says the myth of an in-the-wild bootkit bypassing Secure Boot "is now a reality," as opposed to the usual slew of fake ads by criminals attempting to scam their fellow miscreants.
The latest malware "is capable of running on even fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," he added.
BlackLotus exploits a vulnerability that is more than a year old, CVE-2022-21894, to bypass the Secure Boot process and establish persistence.
The bootkit research follows UEFI vulnerabilities in Lenovo laptops that ESET discovered last spring, which, among other things, allow attackers to disable Secure Boot.
News URL: https://go.theregister.com/feed/www.theregister.com/2023/03/01/blacklotus_malware_eset/
Related news
- Windows, macOS users targeted with crypto-and-info-stealing malware
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
- Microsoft fixes Windows Server 2022 bug breaking device boot
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-11 | CVE-2022-21894 | Unspecified vulnerability in Microsoft products: Secure Boot Security Feature Bypass Vulnerability | 0.0 |