BlackLotus UEFI bootkits are deployed to take over the boot process of operating systems, bypassing security measures and deploying their malicious payloads.
Now, researchers with ESET are raising the alarm that even fully up-to-date Windows 11 systems with UEFI Secure Boot enabled are vulnerable to BlackLotus attacks. Worryingly, the new bootkit, first discovered in October 2022, is available for as little as $5,000 on hacking forums.
“It was only a matter of time before somebody would take advantage of these failures and create a UEFI bootkit capable of running on systems with UEFI Secure Boot enabled,” ESET explained in the report. “As we suggested last year in our RSA presentation, all of this makes the move to the ESP more feasible for attackers and a possible way forward for UEFI threats — the existence of BlackLotus confirms this.”