
ESET Research Podcast: Finding the mythical BlackLotus bootkit

A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

Towards the end of 2022 an unknown threat actor boasted on an underground forum that they’d created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could bypass UEFI Secure Boot – a feature built into all modern computers to prevent them from running unauthorized software.

What at first sounded like a myth – especially on a fully updated Windows 11 system – turned into reality a few months later, when ESET researchers found a sample that perfectly matched this main feature as well as all other attributes of the advertised bootkit.

In this episode of the ESET Research podcast, host and ESET Distinguished Researcher Aryeh Goretsky talks to ESET Malware Researcher Martin Smolár about how he discovered the threat and what the main findings of his analysis were.

In the discussion, Martin reveals that he initially considered the BlackLotus sample to be a game cheat and describes the moment when he realized that he had found something much more dangerous. To avoid a common misconception, Martin also explains the difference between malicious UEFI firmware implants and threats that “only” target the EFI partition. To make the information actionable for our listeners, the final part of the discussion explores the prevention and mitigation of UEFI attacks.

For more details such as who might be affected by BlackLotus or how a threat actor might obtain the bootkit, listen to the whole episode of ESET Research podcast on Spotify, Google Podcasts, Apple Podcasts, or PodBean. And if you like what you hear, subscribe for more.
