It has been discovered that the 'BlackLotus' malware, which bypasses UEFI Secure Boot on Windows 11 and hijacks the PC, is being sold for less than 700,000 yen



UEFI is a software interface specification that replaces the conventional BIOS, and it defines a protocol called Secure Boot that checks whether boot components have been tampered with before the OS starts. Researchers at the cyber security company ESET have reported on a bootkit called "BlackLotus", which is said to allow hackers to "bypass the security protection of Windows 11, install malware, and take complete control of vulnerable PCs", and which is reportedly selling for $5,000 (about 680,000 yen).

BlackLotus UEFI bootkit: Myth confirmed | WeLiveSecurity
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/

BlackLotus bootkit can bypass Windows 11 Secure Boot: ESET | CSO Online
https://www.csoonline.com/article/3689160/blacklotus-bootkit-can-bypass-windows-11-secure-boot-eset.html

It's official: BlackLotus malware can bypass secure boot • The Register
https://www.theregister.com/2023/03/01/blacklotus_malware_eset/

Dangerous BlackLotus bootkit can be used to hijack Windows 11 PCs | Tom's Guide
https://www.tomsguide.com/news/dangerous-blacklotus-bootkit-can-be-used-to-hack-even-fully-updated-windows-11-pcs

An ESET research team has announced that a UEFI bootkit called BlackLotus can bypass the security-critical feature UEFI Secure Boot and take full control of a vulnerable PC.




UEFI Secure Boot is a protocol designed to ensure that the system boots only trusted software and firmware, preventing malware from running and unauthorized operating systems from loading before the OS starts. BlackLotus is said to be malware that bypasses Secure Boot by infecting the computer's boot process.

BlackLotus exploits a security vulnerability named CVE-2022-21894, discovered in December 2021, to bypass the UEFI Secure Boot process and establish persistence on the target PC. Microsoft released a patch for this vulnerability in January 2022, but according to ESET, hackers can still exploit it because the affected binaries have not been added to the UEFI revocation list.
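The revocation list the article refers to is the UEFI `dbx` variable, a sequence of EFI_SIGNATURE_LIST structures. As an added example (not code from the article or from ESET), the parser below walks that format and checks whether a given bootloader's SHA-256 hash is revoked; the sample dbx blob and the owner GUID are constructed for the demo and are not real entries.

```python
import struct
import uuid

# EFI_CERT_SHA256_GUID: signature lists of this type carry raw SHA-256 hashes of
# revoked PE images (one of the entry types found in a UEFI dbx variable).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")


def parse_dbx(blob: bytes) -> list:
    """Walk a dbx blob: EFI_SIGNATURE_LIST = SignatureType (GUID, 16 bytes),
    SignatureListSize, SignatureHeaderSize, SignatureSize (three UINT32),
    then the header, then entries of SignatureOwner (GUID) + SignatureData.
    Returns one dict per entry with its list type, owner and raw data."""
    entries, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[offset:offset + 16])  # GUIDs are little-endian
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, offset + 16)
        if list_size < 28 + hdr_size or offset + list_size > len(blob) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = offset + 28 + hdr_size, offset + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append({"type": sig_type, "owner": owner, "data": blob[pos + 16:pos + sig_size]})
            pos += sig_size
        offset = end
    return entries


def is_hash_revoked(blob: bytes, sha256_hex: str) -> bool:
    """True if the PE image hash appears in any EFI_CERT_SHA256 list of the dbx."""
    target = bytes.fromhex(sha256_hex)
    return any(e["type"] == EFI_CERT_SHA256_GUID and e["data"] == target for e in parse_dbx(blob))


def build_sha256_list(hashes: list, owner: uuid.UUID) -> bytes:
    """Build one EFI_CERT_SHA256 signature list; used here to construct sample input."""
    body = b"".join(owner.bytes_le + h for h in hashes)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 16 + 32) + body


# Constructed sample dbx with two made-up hashes; the owner GUID is a placeholder.
SAMPLE_OWNER = uuid.UUID("12345678-1234-5678-1234-567812345678")
SAMPLE_DBX = build_sha256_list([bytes([0x11]) * 32, bytes([0x22]) * 32], SAMPLE_OWNER)

if __name__ == "__main__":
    print("revoked:", is_hash_revoked(SAMPLE_DBX, "11" * 32))   # True
    print("revoked:", is_hash_revoked(SAMPLE_DBX, "33" * 32))   # False
```

On a real machine the blob would come from the firmware variable store (for example, the `dbx` EFI variable), and a bootloader whose Authenticode hash is absent from every EFI_CERT_SHA256 list is still accepted by Secure Boot even if it is known to be vulnerable.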




When a PC is infected with BlackLotus, security protection features inside the OS such as BitLocker, HVCI, and Microsoft Defender are reportedly disabled.




The main purpose of BlackLotus is believed to be deploying its own kernel driver inside the computer, which protects the bootkit against security software that tries to keep rogue bootkits out. BlackLotus also deploys an HTTP downloader that can load additional user-mode and kernel-mode payloads.




According to ESET, BlackLotus has been sold by hackers for $5,000 (about 680,000 yen) since around October 2022, and it has been pointed out that it may be used for hacking and spying activities against governments. Technology news outlet Tom's Guide said: "BlackLotus is certainly dangerous, but ordinary hackers already have a lot of malware for general users. Therefore, BlackLotus could basically be used to target large companies and government agencies."

ESET recommends keeping your system and security software up to date to protect your OS and PC from BlackLotus and other threats.

in Software, Security, Posted by log1r_ut