This virus is installed in the BIOS of your PC and breaks the security of Windows

When we talk about viruses, or malware, we usually think of small malicious programs that run on Windows and seek to take control of the PC from within the Microsoft system. This malware is easy to detect with an antivirus and relatively easy to remove. However, a computer has other pieces of software that run even underneath Windows, giving malware complete control over all system functions and making it nearly impossible to remove. We are talking, for example, about bootkits and UEFI viruses.

BlackLotus may be the most dangerous virus

These threats have been a myth for a long time, and a target for all kinds of hackers. And unfortunately, they have come true. The security firm ESET has already detected the first copies of BlackLotus, a UEFI bootkit capable of loading into memory before Windows itself and, furthermore, bypassing all Secure Boot measures.

Secure Boot is a security feature that Windows relies on to monitor the entire boot process and ensure that no code is loaded without a valid signature. Although this function was designed to prevent a bootkit from taking control of the system and letting hackers load their own malicious code, several vulnerabilities in Secure Boot have been reported over the years. And, in the end, they have managed to endanger users.

As this security firm has been able to verify, BlackLotus is capable of being fully loaded on a Windows 10 or Windows 11 system with Secure Boot enabled, completely breaking the security of Microsoft’s operating system. Its code can have even more privileges than the antivirus or any other function, so none of them could do anything against it.

To infect computers, the malware is downloaded and run on Windows, using a known security flaw to install itself within the BIOS. Furthermore, it is capable of disabling additional system security measures such as BitLocker, Windows Defender, and HVCI, leaving Windows almost naked to hackers. In addition, it installs a driver in the kernel to protect itself, and an HTTP downloader to be able to fetch updates and other modules through remote commands.

How to avoid it

As we have seen, this is very complex malware, difficult both to detect and to mitigate. Security experts recommend that the best way to protect ourselves from it is to make sure our computer is always kept up to date, updating both the system and the BIOS/UEFI through official means, to avoid ending up with a vulnerable driver installed that endangers our security.
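One defender-side check that follows from the above, added here as an example and not part of the original article: a PowerShell script that reports whether the protections the article names (Secure Boot, HVCI, BitLocker, Windows Defender) are still active, and prints the firmware version so it can be compared with the vendor's latest release. It assumes an elevated session on Windows 10/11 with the standard SecureBoot, BitLocker and Defender PowerShell modules; the function name is our own.

```powershell
# Added example (not from the article): posture check for the defenses BlackLotus
# bypasses or disables. Run from an elevated PowerShell on Windows 10/11.
# Assumes the built-in SecureBoot, BitLocker and Defender modules are present.
# Reports state only; it changes nothing on the machine.

function Test-BootDefensePosture {
    $findings = @()

    # 1. Secure Boot must be enabled (the bootkit loads before Windows and bypasses it).
    try {
        $secureBoot = Confirm-SecureBootUEFI
    } catch {
        $secureBoot = $false   # cmdlet throws on legacy BIOS / non-UEFI systems
    }
    if (-not $secureBoot) { $findings += 'Secure Boot is not enabled (or system is not UEFI)' }

    # 2. HVCI (Memory Integrity) should be running; value 2 in SecurityServicesRunning is HVCI.
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
        if ($dg.SecurityServicesRunning -notcontains 2) { $findings += 'HVCI is not running' }
    } catch {
        $findings += 'Device Guard status unavailable (HVCI cannot be confirmed)'
    }

    # 3. BitLocker protection on the OS volume should be On.
    $osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    if ($osVol.ProtectionStatus -ne 'On') {
        $findings += "BitLocker protection is off on $($env:SystemDrive)"
    }

    # 4. Defender antimalware service and real-time protection should both be on.
    $mp = Get-MpComputerStatus
    if (-not $mp.AMServiceEnabled -or -not $mp.RealTimeProtectionEnabled) {
        $findings += 'Defender antimalware service or real-time protection is disabled'
    }

    # 5. Firmware version/date: compare against the vendor's latest official UEFI release.
    $fw = Get-CimInstance -ClassName Win32_BIOS
    $findings += "Firmware: $($fw.Manufacturer) $($fw.SMBIOSBIOSVersion), released $($fw.ReleaseDate)"

    return $findings
}

Test-BootDefensePosture | ForEach-Object { Write-Output $_ }
```

An empty result apart from the firmware line means every protection the article lists is still active; any other line is worth investigating, since the article says the bootkit turns these off after installation.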

Common sense is also always one of the best allies. And, if we have doubts, it is advisable to open files and folders within secure environments, such as Windows Sandbox, to reduce the risk of infection.
