New UEFI Rootkit ‘Black Lotus’ Offers APT-Level Capabilities


A threat actor is promoting a vendor-independent UEFI rootkit on underground criminal forums that can disable security software and controls, cybersecurity veteran Scott Scheferman warns.

The Windows rootkit, known as “Black Lotus,” is a potent, persistent tool that is being sold for $5,000, with $200 payments for each new version, and has capabilities similar to those used by state-sponsored threat actors. Black Lotus is 80 kilobytes in size, is written in Assembly and C, and includes geofencing to prevent infecting nations in the CIS region.

According to Scheferman, the threat includes evasion tools like anti-virtualization, anti-debugging, and code obfuscation, and it has the ability to disable security tools like BitLocker, Windows Defender, and Hypervisor-protected Code Integrity (HVCI) on target computers.

Read More: New ‘Black Lotus’ UEFI Rootkit Provides APT-Level Capabilities
