The Myth Is Now Reality: Black Lotus Malware Can Bypass Secure Boot On Windows Machine

Laiba MohsinLast Updated: Mar 2, 2023
Black Lotus Malware

BlackLotus, a UEFI bootkit sold on hacking forums for about $5,000 has a shocking reality. It can now bypass Secure Boot. Black Lotus Malware has now become the first known malware to run on Windows systems even with the firmware security feature enabled.

Black Lotus Malware Is Capable Of bypassing Secure Boot

What is Secure Boot? It is supposed to prevent devices from running unauthorized software on Microsoft machines. However, the fact is that the BlackLotus malware loads before the booting process. It means that the operating system and any security tools are bypassed this way. Kaspersky’s lead security researcher Sergey Lozhkin saw the BlackLotus being sold on cybercrime marketplaces first time back in October 2022.

In research published, ESET malware analyst Martin Smolár states that the myth of bootkit bypassing secure boot has become a reality now. The latest black lotus malware is capable of running on even fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. Smolár noted that BlackLotus can exploit a more than one-year-old vulnerability, CVE-2022-21894. It easily bypasses the secure boot process and establishes persistence. Back in January 2022, Microsoft fixed this CVE however, miscreants can still exploit it as the affected signed binaries have not been added to the UEFI revocation list. he said:

“BlackLotus takes advantage of this, bringing its own copies of legitimate – but vulnerable – binaries to the system in order to exploit the vulnerability,”

The point worth mentioning here is that this malware is even more difficult to detect as it can disable several OS security tools including BitLocker, Hypervisor-protected Code Integrity (HVCI), and Windows Defender. It even bypasses User Account Control (UAC) according to the security shop.

Reports claim that the researchers don’t attribute the malware to a particular gang or nation-state group.  This is because the BlackLotus installers won’t proceed if the compromised computer is located in Armenia, Belarus, Kazakhstan, Moldova, Romania, Russia, and Ukraine.

Also Read: WhatsApp For Windows Gets Call Link Feature – PhoneWorld

PTA Taxes Portal

Find PTA Taxes on All Phones on a Single Page using the PhoneWorld PTA Taxes Portal

Explore NowFollow us on Google News!
Laiba MohsinLast Updated: Mar 2, 2023
Photo of Laiba Mohsin

Laiba Mohsin

Laiba is an Electrical Engineer seeking a placement to gain hands-on experience in relevant areas of telecommunications. She likes to write about tech and gadgets. She loves shopping, traveling and exploring things.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Get Alerts!

PhoneWorld Logo

Join the groups below to get the latest updates!

💼PTA Tax Updates
💬WhatsApp Channel

>