Source code for BlackLotus Windows UEFI malware leaked on GitHub (Security News, July 2023)

The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into malware that has caused great concern among enterprises, governments, and the cybersecurity community.
BlackLotus is a Windows-targeting UEFI bootkit that bypasses Secure Boot on fully patched Windows 11 installs, evades security software, persists on an infected system, and executes payloads with the highest level of privileges in the operating system.
Today, security firm Binarly told BleepingComputer that the source code of the BlackLotus UEFI bootkit was leaked on GitHub by the user 'Yukari'.
"The leaked source code isn't complete and contains mainly the rootkit part and bootkit code to bypass Secure Boot," stated Binarly's co-founder and CEO Alex Matrosov.
With the bootkit's source code now widely available, it is also possible that competent malware authors might create more potent variants that can bypass existing and future countermeasures.
NSA shares tips on blocking BlackLotus UEFI malware attacks.