Fully patched Windows 11 Systems are Susceptible to the BlackLotus Bootkit

 

ESET’s analysis of the malware has shown that the BlackLotus bootkit may circumvent security safeguards on fully updated Windows 11 PCs and permanently infect them. 

BlackLotus is a brand-new threat that first appeared on darknet forums in October 2022. For $5,000, it gives advanced persistent threat (APT) actors like cybercriminals access to capabilities that were once only available to nation-states. 

The main danger posed by UEFI bootkits is well-known. By controlling the operating system’s boot process, they can disable security safeguards and introduce kernel- or user-mode payloads while the machine is booting up, acting covertly and with elevated privileges. 

ESET, which discovered BlackLotus for the first time in late 2022, has so far located six installers, allowing it to thoroughly examine the threat’s execution chain and pinpoint the malware’s primary capabilities.

BlackLot

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
