ESET Research Podcast: Finding the mythical BlackLotus bootkit

Cyber Security

A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

Towards the end of 2022 an unknown threat actor boasted on an underground forum that they’d created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could bypass UEFI Secure Boot – a feature built into all modern computers to prevent them from running unauthorized software.

What at first sounded like a myth – especially on a fully updated Windows 11 system – has turned into reality a few months later, when ESET researchers found a sample that perfectly matched this main feature as well as all other attributes of the advertised bootkit.

In this episode of ESET Research podcast, ESET Distinguished Researcher and host of this podcast Aryeh Goretsky talks to ESET Malware Researcher Martin Smolár about how he discovered the threat and what the main findings of his analysis were.

In the discussion, Martin reveals that he initially considered the BlackLotus sample to be a game cheat and describes the moment when he realized that he had found something much more dangerous. To avoid a common misconception, Martin also explains the difference between malicious UEFI firmware implants and threats that “only” target the EFI partition. To make the information actionable for our listeners, the final part of the discussion explores the prevention and mitigation of UEFI attacks.

For more details such as who might be affected by BlackLotus or how a threat actor might obtain the bootkit, listen to the whole episode of ESET Research podcast on Spotify, Google Podcasts, Apple Podcasts, or PodBean. And if you like what you hear, subscribe for more.

Products You May Like

Articles You May Like

US Government Issues Cloud Security Requirements for Federal Agencies
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers

Leave a Reply

Your email address will not be published. Required fields are marked *