For just $5,000, hackers on black forums could get access to this tool and bypass Secure Boot on Windows devices. Now, it seems that what has been feared for months is true, at least according to a recent ESET study by analyst Martin Smolár.

When you boot up your device, the system and its security features load before anything else to disarm any malicious attempt at accessing the laptop. BlackLotus, however, targets UEFI so that it loads before anything else. As a matter of fact, it is able to run on the latest Windows 11 systems with the Secure Boot feature enabled.

BlackLotus compromises Windows 11 through the CVE-2022-21894 vulnerability. While the flaw was patched in Microsoft’s January 2022 update, the malware can still take advantage of it by using signed binaries that have not been added to the UEFI revocation list. Smolár also writes that some of the installers do not proceed if the host uses one of the following locales: Romanian/Russian (Moldova), Russia, Ukraine, Belarus, Armenia, and Kazakhstan.

Details of this first emerged when Kaspersky’s Sergey Lozhkin saw it being sold on black markets with the aforementioned price tag.

What do you think about this latest development? Let us know in the comments!