It's official: BlackLotus malware can bypass Secure Boot on Windows machines (Security News, March 2023)
BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.
Secure Boot is supposed to prevent Windows machines from running unauthorized software.
In research published today, ESET malware analyst Martin Smolár says the myth of an in-the-wild bootkit bypassing Secure Boot "is now a reality," as opposed to the usual slew of fake ads by criminals attempting to scam their fellow miscreants.
The latest malware "is capable of running on even fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," he added.
BlackLotus exploits a more than one-year-old vulnerability, CVE-2022-21894, to bypass the Secure Boot process and establish persistence.
The bootkit research follows UEFI vulnerabilities in Lenovo laptops that ESET discovered last spring, which, among other things, allow attackers to disable Secure Boot.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/03/01/blacklotus_malware_eset/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-11 | CVE-2022-21894 | Unspecified vulnerability in Microsoft products: Secure Boot Security Feature Bypass Vulnerability | 4.4 |