BlackLotus Malware Hijacks Windows Secure Boot Process
2023-03-08 11:11

Researchers have discovered malware that "can hijack a computer's boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows."

Dubbed BlackLotus, the malware is what's known as a UEFI bootkit.

As a result, the first publicly known UEFI bootkit bypassing the essential platform security feature, UEFI Secure Boot, is now a reality.

In this blogpost we present the first public analysis of this UEFI bootkit, which is capable of running on even fully-up-to-date Windows 11 systems with UEFI Secure Boot enabled.

It's capable of running on the latest, fully patched Windows 11 systems with UEFI Secure Boot enabled.

It exploits a more than one year old vulnerability to bypass UEFI Secure Boot and set up persistence for the bootkit.


News URL

https://www.schneier.com/blog/archives/2023/03/blacklotus-malware-hijacks-windows-secure-boot-process.html