New UEFI Bootkit 'BlackLotus' Bypassing Secure Boot

A new bootkit called BlackLotus has emerged, and it is the first publicly known malware capable of bypassing Secure Boot defenses. That capability makes it a very potent threat in the cyber landscape.

The bootkit is programmed in Assembly and C and is 80 kilobytes in size. It is being offered for sale at $5,000. The bootkit also features geofencing capabilities to avoid infecting computers in Armenia, Belarus, Kazakhstan, Moldova, Romania, Russia, and Ukraine. Details about BlackLotus first emerged in October 2022, with Kaspersky security researcher Sergey Lozhkin describing it as a sophisticated crimeware solution.

This bootkit represents a bit of a 'leap' forward in ease of use, scalability, and accessibility, and, most importantly, in its potential for far greater impact in the form of persistence, evasion, or destruction.
