ESET’s analysis of the threat has shown that the BlackLotus bootkit can circumvent security safeguards on fully updated Windows 11 systems and permanently infect them.
BlackLotus, a new player in the threat landscape, charges USD 5,000 to give advanced persistent threat (APT) actors and cybercriminals access to capabilities formerly only available to nation-states. The main danger posed by UEFI bootkits is well-known: by controlling the operating system’s boot process, they can disable security safeguards and introduce kernel- or user-mode payloads while the system is booting up, acting covertly and with elevated privileges.
A typical attack begins with an installer deploying the bootkit’s files to the ESP, disabling system protections, and rebooting the system. Both offline and online BlackLotus installers have been identified.
Read More: BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
