
I just came across this issue on Twitter – ESET, for example, addressed it in this tweet as well as in this blog post.

Bypassing Secure Boot

ESET's security researchers have discovered a so-called bootkit that can be integrated into malware. This bootkit is able to bypass essential security features of UEFI Secure Boot. This security mechanism is promoted by Microsoft, is used by Windows 10 and Windows 11, and is now even required for certification. Based on the functionality of the bootkit and its individual features, the European IT security vendor's experts assume that it is a threat known as BlackLotus. Even a fully up-to-date Windows 11 system with Secure Boot enabled poses no problem for the malware, the ESET authors write.

The UEFI bootkit has been sold on hacker forums for $5,000 since October 2022.

"We got our first clues from hits in our telemetry in late 2022, which turned out to be a component of BlackLotus – an HTTP downloader. After an initial analysis, we discovered code patterns of six BlackLotus installers in the samples found. This allowed us to examine the entire execution chain and realize that we are not just dealing with normal malware here," said Martin Smolár, the ESET researcher who led the investigation of the bootkit.
