Malware, DevSecOps

Source code of BlackLotus UEFI bootkit malware exposed

SecurityWeek reports that the BlackLotus UEFI bootkit malware, which was touted to have user access control and other advanced persistent threat capabilities when it emerged last October, had its modified source code leaked on GitHub. Unlike the original BlackLotus source code, the exposed version was found to leverage the bootlicker UEFI firmware rootkit while removing the "Baton Drop" exploit for the CVE-2022-21894 vulnerability, although the rest of the original code has been retained. Binarly CEO Alex Matrosov noted the significant threat posed by the leak of the BlackLotus source code, as threat actors could leverage the leaked code with new exploits in upcoming cyberattacks. "Enterprise defenders and [chief information security officers] need to understand that threats below the operating system are clear and present dangers to their environments. Since this attack vector has significant benefits for the attacker, it is only going to get more sophisticated and complex," said Matrosov.
