BlackLotus Bookit Found Targeting Windows 11

Sold for around $5,000 in hacking forums, the BlackLotus UEFI bootkit is capable of targeting even updated systems, researchers find.

Dark Reading Staff, Dark Reading

March 2, 2023

1 Min Read
lotus flower on black background
Source: View Stock via Alamy Stock Photo

BlackLotus UEFI bootkits are deployed to take over the boot process of operating systems: bypassing security measures and deploying their malicious payloads.

Now, researchers with ESET are raising the alarm that even completely updated Windows 11 systems with UEFI Secure Boot enabled are vulnerable to BlackLotus attacks. Worryingly, the new bootkit, first discovered in October 2022, is readily available for as little as $5,000 on hacking forums.

"It was just a matter of time before someone would take advantage of these failures and create a UEFI bootkit capable of operating on systems with UEFI Secure Boot enabled," ESET explained in the report. "As we suggested last year in our RSA presentation, all of this makes the move to the ESP more feasible for attackers and a possible way forward for UEFI threats — the existence of BlackLotus confirms this."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights