The BlackLotus UEFI bootkit’s source code has been openly shared on GitHub, although it has undergone several modifications compared to the original malicious software.
This bootkit, created for Windows, this first appeared on hacker forums previous year. It was advertised with advanced features akin to APT-level capabilities, such as bypassing secure boot and user access control (UAC) and turning off security applications and defense mechanisms on targeted systems.
The BlackLotus bootkit can persist in the firmware and can load unsigned drivers. It has been observed exploiting CVE-2022-21894, a Windows vulnerability from a year ago, enabling it to turn off secure boot even on systems that have been fully patched.
Read More: BlackLotus UEFI Bootkit Source Code Leaked on GitHub
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
