BlackLotus UEFI bootkit: Myth confirmed
Once installed, the bootkit’s main goal is to deploy a kernel driver (which, among other things, protects the bootkit from removal), and an HTTP downloader responsible for communication with the C&C and capable of loading additional user-mode or kernel-mode payloads. ... It starts with the execution of an installer (step 1 in Figure 2), which is responsible for deploying the bootkit’s files to the EFI System partition, disabling HVCI and BitLocker, and then rebooting the machine. CVEs: CVE-2022-21894 Malware: BlackLotus [View Article](https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/)