BlackLotus UEFI bootkits are deployed to take over the boot process of operating systems, bypassing security measures and deploying their malicious payloads.
Now, researchers with ESET are raising the alarm that even completely updated Windows 11 systems with UEFI Secure Boot enabled are vulnerable to BlackLotus attacks. Worryingly, the new bootkit, first discovered in October 2022, is readily available for as little as $5,000 on hacking forums.
“It was just a matter of time before someone would take advantage of these failures and create a UEFI bootkit capable of operating on systems with UEFI Secure Boot enabled,” ESET explained in the report. “As we suggested last year in our RSA presentation, all of this makes the move to the ESP more feasible for attackers and a possible way forward for UEFI threats — the existence of BlackLotus confirms this.”