Enter the BlackLotus: Analysis of the Latest UEFI Bootkit

[correlate]

Level 18
Thread author
Verified
Top Poster
Well-known
May 4, 2019
825
The world of cybercrime is constantly evolving, and one of the latest threats to emerge is the BlackLotus bootkit. This malware is the first known bootkit capable of bypassing Secure Boot on Microsoft Windows 11 systems, making it a dangerous threat in the cyber world. The malware has been sold on various hacker forums for $5,000, while upgrading to a new version only costs $200. The 80 kB-sized BlackLotus bootkit has been available on hacker forums since October 2022.
 

[correlate]

Level 18
Thread author
Verified
Top Poster
Well-known
May 4, 2019
825
So can current top-notch AV/AM or endpoints like DI and Harmony prevent this?
While best-of-breed antivirus/anti-malware (AV/AM) solutions and advanced endpoint protection platforms such as Detection and Response (EDR) and Harmony can provide robust security measures, it is important to understand that the effectiveness of any security solution can vary depending on several factors, including the specific malware variant and its capabilities.

Given that the BlackLotus bootkit is designed to bypass Secure Boot on Windows 11 systems, it is possible that it could evade traditional security measures. However, reputable AV/AM solutions and advanced endpoint protection platforms often use proactive detection, behavioural analysis, machine learning and other sophisticated techniques to identify and block known and unknown threats.
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,134
While best-of-breed antivirus/anti-malware (AV/AM) solutions and advanced endpoint protection platforms such as Detection and Response (EDR) and Harmony can provide robust security measures, it is important to understand that the effectiveness of any security solution can vary depending on several factors, including the specific malware variant and its capabilities.

Given that the BlackLotus bootkit is designed to bypass Secure Boot on Windows 11 systems, it is possible that it could evade traditional security measures. However, reputable AV/AM solutions and advanced endpoint protection platforms often use proactive detection, behavioural analysis, machine learning and other sophisticated techniques to identify and block known and unknown threats.
Any AV/AM or endpoint blocked it? I can't find any such block report on the net
 
  • Like
Reactions: [correlate]

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,134
It depends on the specific settings that each EDR allows.
But have a look at the video

I was expecting Harmony, DI and top-notch AV/AM to block it when it was released and make great announcement

Now that the sig is already available.........
 
  • Like
Reactions: [correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top