What is the BlackLotus vulnerability and why you should be worried about it

ESET security researchers discovered malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.

The malware, known as BlackLotus, was first seen on cybercrime marketplaces back in August 2022 and appears to be particularly worrying because it loads before anything else in the boot process, including the operating system and any security tools that could stop it.

In other words: if a threat actor gets access to a network or a computer, they can install this tool, and it will run undetected and persistently at the UEFI level, disabling various OS security mechanisms (including BitLocker, HVCI, and Windows Defender). Because it executes in kernel mode, it can also control and subvert every other program on the machine, even after OS reinstalls and hard drive replacements, and load additional malware at the kernel level.

If you are thinking that this kind of cyberthreat is accessible only to governments, you couldn’t be further from the truth: BlackLotus is in fact being sold on hacking forums for about $5,000, a price almost any actor interested in targeting you or your organization can afford.

Feeling worried about the safety of your information? Try our Hushmeeting Laptop: its unique software- and hardware-based architecture, featuring a custom operating system and a sandboxing virtualization layer, has been designed to protect your data and communication from UEFI bootkits such as BlackLotus and other undetectable malware stealthily accessing your information.