Home Cyber Security Discovering the legendary BlackLotus bootkit

Discovering the legendary BlackLotus bootkit

Discovering the legendary BlackLotus bootkit

ESET Analysis

Here is a narrative of how an evaluation of a supposed sport cheat became the invention of a robust UEFI menace

ESET Research Podcast: Finding the mythical BlackLotus bootkit

In direction of the tip of 2022 an unknown menace actor boasted on an underground discussion board that they’d created a brand new and highly effective UEFI bootkit known as BlackLotus. Its most distinctive function? It may bypass UEFI Safe Boot – a function constructed into all trendy computer systems to stop them from operating unauthorized software program.

What at first gave the impression of a fantasy – particularly on a totally up to date Home windows 11 system – has became actuality a couple of months later, when ESET researchers discovered a pattern that completely matched this principal function in addition to all different attributes of the marketed bootkit.

On this episode of ESET Analysis podcast, ESET Distinguished Researcher and host of this podcast Aryeh Goretsky talks to ESET Malware Researcher Martin Smolár about how he found the menace and what the primary findings of his evaluation have been.

Within the dialogue, Martin reveals that he initially thought of the BlackLotus pattern to be a sport cheat and describes the second when he realized that he had discovered one thing way more harmful. To keep away from a standard false impression, Martin additionally explains the distinction between malicious UEFI firmware implants and threats that “only” goal the EFI partition. To make the knowledge actionable for our listeners, the ultimate a part of the dialogue explores the prevention and mitigation of UEFI assaults.

For extra particulars reminiscent of who could be affected by BlackLotus or how a menace actor may receive the bootkit, take heed to the entire episode of ESET Analysis podcast on Spotify, Google Podcasts, Apple Podcastsor PodBean. And when you like what you hear, subscribe for extra.

Date: 2023-07-12 07:30:13

Source link


Please enter your comment!
Please enter your name here