The BlackLotus UEFI Bootkit: Analyzing the Impact of its Source Code Leak on GitHub


Published on Jul 16, 2023   —   2 min read

In the ever-changing world of cybersecurity, new threats pop up all the time. One recent development that's causing a stir is the leak of the source code for the BlackLotus UEFI bootkit. This malware, which targets Windows systems, could potentially kick open the door to a whole new set of cyber threats.

Getting to Know BlackLotus

BlackLotus is a tough customer in the cybersecurity world. It can sneak past Secure Boot on fully updated Windows 11 installations, dodge security software, stick around on an infected system, and carry out tasks with the highest level of privileges in the operating system. Plus, it can mess with the BitLocker data protection feature, the Microsoft Defender Antivirus, and the Hypervisor-protected Code Integrity (HVCI).

Why BlackLotus is a Big Deal

BlackLotus was the first UEFI bootkit found that could get around the Secure Boot mechanism and turn off OS-level security protections. It first did this by exploiting the "Baton Drop" vulnerability (CVE-2022-21894), which Microsoft patched in January 2022. But then, ways were found to get around the security update, allowing BlackLotus to keep doing its thing.

The Source Code Leak

The source code of the BlackLotus UEFI bootkit was recently leaked on GitHub by a user named 'Yukari.' The leaked source code, while not the whole kit and caboodle, mainly contains the rootkit part and bootkit code needed to bypass Secure Boot. This leak could potentially allow threat actors to create stronger versions of the malware that can get around current and future security measures.

What the Leak Means

The leak of the BlackLotus source code could potentially cause a big shift in the threat landscape. It makes it easier for threat actors to mix the bootkit with new bootloader vulnerabilities, setting the stage for more complex and sophisticated attacks down the line. This shows the real limitations of the current protections below the operating system level.

How to Protect Against BlackLotus

In light of the threat posed by BlackLotus, it's a good idea to follow the comprehensive mitigation advice that the NSA published last month. This advice can help protect systems against the BlackLotus UEFI bootkit threat.


The arrival of the BlackLotus malware and the subsequent leak of its source code highlight the importance of staying on your toes in the face of evolving cybersecurity threats. As the threat landscape continues to change, it's crucial to keep systems updated and follow the latest advice from cybersecurity experts to protect against these new threats.

Share on Facebook Share on Linkedin Share on Twitter Send by email

Subscribe to the newsletter

Subscribe to the newsletter for the latest news and work updates straight to your inbox, every week.