ESET Research Podcast: Finding the mythical BlackLotus bootkit

Cyber Security

A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

Towards the end of 2022 an unknown threat actor boasted on an underground forum that they’d created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could bypass UEFI Secure Boot – a feature built into all modern computers to prevent them from running unauthorized software.

What at first sounded like a myth – especially on a fully updated Windows 11 system – has turned into reality a few months later, when ESET researchers found a sample that perfectly matched this main feature as well as all other attributes of the advertised bootkit.

In this episode of ESET Research podcast, ESET Distinguished Researcher and host of this podcast Aryeh Goretsky talks to ESET Malware Researcher Martin Smolár about how he discovered the threat and what the main findings of his analysis were.

In the discussion, Martin reveals that he initially considered the BlackLotus sample to be a game cheat and describes the moment when he realized that he had found something much more dangerous. To avoid a common misconception, Martin also explains the difference between malicious UEFI firmware implants and threats that “only” target the EFI partition. To make the information actionable for our listeners, the final part of the discussion explores the prevention and mitigation of UEFI attacks.

For more details such as who might be affected by BlackLotus or how a threat actor might obtain the bootkit, listen to the whole episode of ESET Research podcast on Spotify, Google Podcasts, Apple Podcasts, or PodBean. And if you like what you hear, subscribe for more.

Products You May Like

Articles You May Like

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes
CISOs Turn to Indemnity Insurance as Breach Pressure Mounts
North Korean Actor Deploys Novel Malware Campaign Against Crypto Firms
Amazon MOVEit Leaker Claims to Be Ethical Hacker
EU Ramps Up Cyber Resilience with Major Crisis Simulation Exercise

Leave a Reply

Your email address will not be published. Required fields are marked *