Threat Actor Selling UEFI Bootkit BlackLotus on Hacking Forums
A threat actor is supposedly selling a brand-new UEFI bootkit named BlackLotus on hacking forums; malware of this kind is commonly linked with state-sponsored hacking groups. According to the seller, the malware includes an integrated Secure Boot bypass, built-in Ring0/kernel protection against removal, and anti-virtual-machine and anti-debug capabilities, among other features. The bootkit can also bypass standard protection mechanisms such as User Account Control (UAC) and can disable Windows Defender.