Security News > 2023 > March > BlackLotus Malware Hijacks Windows Secure Boot Process
Researchers have discovered malware that "Can hijack a computer's boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows."
Dubbed BlackLotus, the malware is what's known as a UEFI bootkit.
As a result, the first publicly known UEFI bootkit bypassing the essential platform security feature-UEFI Secure Boot-is now a reality.
In this blogpost we present the first public analysis of this UEFI bootkit, which is capable of running on even fully-up-to-date Windows 11 systems with UEFI Secure Boot enabled.
It's capable of running on the latest, fully patched Windows 11 systems with UEFI Secure Boot enabled.
It exploits a more than one year old vulnerability to bypass UEFI Secure Boot and set up persistence for the bootkit.
News URL
Related news
- Steam pulls game demo infecting Windows with info-stealing malware (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Microsoft tests new Windows 11 tool to remotely fix boot crashes (source)
- Windows 11 quick machine recovery: Restoring devices with boot issues (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)