Listen to Aryeh Goretsky, Martin Smolár, and Jean-Ian Boutin discuss what UEFI threats are capable of and what the ESPecter bootkit tells us about their evolution
As Unified Extensible Firmware Interface (UEFI) replaced legacy BIOS as the leading technology embedded into chips of modern computers and devices, it became vital to the security of the pre-OS environment and to the loading of the operating system. It’s no surprise that such a widespread technology represents a tempting target for threat actors in their search for ultimate persistence.
The latest malware found to be targeting UEFI is ESPecter, a bootkit that persists in the form of a patched Windows Boot Manager as an ESP implant. It is only the second-ever found malware of this sort, identified on a compromised device “accompanied” by a keylogging and data-stealing component.
Listen to the latest episode of ESET Research podcast where ESET Distinguished Researcher Aryeh Goretsky interviews ESET Malware Researcher Martin Smolár and ESET Head of Threat Research Jean-Ian Boutin about ESPecter, Lojax, and other threats targeting UEFI.