Researchers on Wednesday announced a major #cybersecurity find—the world’s first-known instance of real-world #malware that can hijack a computer’s boot process even when #Secure #Boot and other advanced protections are enabled and running on fully updated versions of #Windows.
Dubbed #BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the #UEFI—short for Unified Extensible Firmware Interface—the low-level and complex chain of firmware responsible for booting up virtually every modern computer.
As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right.
It’s located in an SPI-connected #flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch.
Previously discovered bootkits such as #CosmicStrand, #MosaicRegressor, and #MoonBounce work by targeting the UEFI firmware stored in the flash storage chip. Others, including BlackLotus, target the software stored in the EFI system partition.
While researchers have found Secure Boot vulnerabilities in the past, there has been no indication that threat actors have ever been able to bypass the protection in the 12 years it has been in existence.
Until now.

https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits.

Ars Technica
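The distinction above (firmware in SPI flash versus bootloaders on the EFI system partition) points to a basic defender check: confirm the Secure Boot state the firmware actually reports and keep a hash baseline of every EFI binary on the ESP so that an added or altered loader stands out. The following Python script is an added illustration of that check, not code from the Ars Technica article or from any of the posts here. It assumes the Linux efivarfs layout for the SecureBoot variable (four little-endian attribute bytes followed by the data; the GUID is the standard EFI global-variable GUID) and runs its demo against a constructed temporary ESP tree and a constructed variable blob, so no real firmware is touched.

```python
"""Added example: Secure Boot state plus an EFI system partition (ESP) hash inventory."""
import hashlib
import os
import struct
import tempfile

# Real path Linux exposes for the SecureBoot variable (EFI global-variable GUID).
# The demo below does not read it; it parses a constructed blob of the same format.
SECUREBOOT_VAR = "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"


def parse_efivar(raw):
    """efivarfs files are 4 little-endian attribute bytes followed by the variable data."""
    if len(raw) < 4:
        raise ValueError("efivar file too short")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def secure_boot_enabled(raw):
    """SecureBoot data is a single byte: 1 when enforcement is on."""
    _, data = parse_efivar(raw)
    return len(data) >= 1 and data[0] == 1


def inventory_esp(esp_root):
    """Map every .efi file under the ESP (relative path, lower-cased) to its SHA-256."""
    found = {}
    for dirpath, _, files in os.walk(esp_root):
        for name in files:
            if not name.lower().endswith(".efi"):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, esp_root).replace(os.sep, "/").lower()
            with open(full, "rb") as fh:
                found[rel] = hashlib.sha256(fh.read()).hexdigest()
    return found


def diff_against_baseline(current, baseline):
    """Return (unexpected, changed): loaders absent from the baseline, and loaders whose hash moved."""
    unexpected = sorted(p for p in current if p not in baseline)
    changed = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return unexpected, changed


def demo():
    """Run both checks on constructed data; returns (secure_boot_on, unexpected, changed)."""
    # Constructed variable blob: attributes NV|BS|RT (0x7), then data byte 1 == Secure Boot on.
    fake_sb_var = struct.pack("<I", 0x7) + b"\x01"

    baseline_bytes = b"MZ-constructed-bootmgfw-v1"   # what the baseline was taken from
    on_disk_bytes = b"MZ-constructed-bootmgfw-v2"    # what is on the ESP now (differs)

    with tempfile.TemporaryDirectory() as esp:
        known = os.path.join(esp, "EFI", "Microsoft", "Boot")
        os.makedirs(known)
        with open(os.path.join(known, "bootmgfw.efi"), "wb") as fh:
            fh.write(on_disk_bytes)
        # A second loader that the baseline never recorded (constructed, arbitrary name).
        extra = os.path.join(esp, "EFI", "Boot")
        os.makedirs(extra)
        with open(os.path.join(extra, "bootx64.efi"), "wb") as fh:
            fh.write(b"MZ-constructed-unrecorded-loader")

        baseline = {"efi/microsoft/boot/bootmgfw.efi": hashlib.sha256(baseline_bytes).hexdigest()}
        unexpected, changed = diff_against_baseline(inventory_esp(esp), baseline)

    return secure_boot_enabled(fake_sb_var), unexpected, changed


if __name__ == "__main__":
    sb_on, unexpected, changed = demo()
    print("Secure Boot enabled:", sb_on)
    print("EFI binaries not in baseline:", unexpected)
    print("EFI binaries whose hash changed:", changed)
```

On a live system you would read `SECUREBOOT_VAR` and a mounted ESP (typically `/boot/efi`) instead of the constructed inputs, and store the baseline off-host; a loader that appears or changes outside a known update window is the kind of signal worth investigating.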

Detected a UEFI-infecting rootkit, #CosmicStrand, which can reinstall itself after you reformat your drive and reinstall your OS. Explained, with main consequences, in this detailed thread:

https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/ 29/
---
RT @doctorow
Computer security is really, really important. It was important decades ago, when computers were merely how we ran our financial system, aviation, and the power gr…
https://twitter.com/doctorow/status/1552698905770459136

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor.

Kaspersky

@pluralistic It appears that CosmicStrand was in use no later than 2016, meaning it likely doesn't represent the latest generation of APT-level offensive cyber operations tools.

If this is the kind of thing that's available to criminals looking to install cryptominer software on your computer just to make a couple of bucks, it's sobering to imagine what the actual top-shelf OCO shit available to governments must be like.
#security #rootkit #cosmicstrand