New UEFI bootkit used to backdoor Windows devices since 2012
October 5, 2021
https://www.bleepingcomputer.com/ne...-used-to-backdoor-windows-devices-since-2012/
ESET: UEFI threats moving to the ESP: Introducing ESPecter bootkit
I hope English is not the primary language of the author and, as such, I don't want to pick on them too much, but I found it a frustrating read. And yes, some of my posts here are no indication of perfect grammar, but I am not writing a paid article.
Is it me, or isn't it clearly explained how this bootkit would end up on a system? I assume hackers would still need to be able to run a malicious .exe file, and this malware will have to install a malicious driver or at least modify the MBR and reboot the system? Also, in theory, anti-malware tools should be able to block kernel-mode keylogging. But it's of course easier said than done.
If you read the article thoroughly, your answer is there: "Also note this bootkit has been discovered on legacy systems via MBR modification." It is also much easier to hack the MBR than the UEFI.
Yes, but they didn't mention anything about the malicious .exe that started this attack, or perhaps I need to read the article again.
Microsoft should really come up with something better to harden Windows 10/11 against these attacks. For now, it remains important to keep monitoring driver loading, but I'm guessing this can't easily be stopped.
https://www.techspot.com/news/97791-blacklotus-uefi-bootkit-can-defeat-secure-boot-protection.html
https://www.bleepingcomputer.com/ne...-to-sell-new-blacklotus-windows-uefi-bootkit/