Malware

BlackLotus

First seen: 2022-10 • Status: active

Currently Active Threat

BlackLotus is a super-advanced virus that infects the deepest part of your computer. It survives reinstalling Windows and is nearly impossible to remove without expert help.

Overview

BlackLotus is a UEFI bootkit that can bypass Secure Boot on fully updated Windows 11 systems. It is the first known bootkit to bypass Secure Boot in the wild.

Also Known As

Black Lotus

How It Spreads

  • Underground forums purchase
  • Targeted deployment

What It Does

  • Bypasses Secure Boot
  • Persists through OS reinstalls
  • Disables Windows security
  • Loads additional malware

Is your business exposed?

Target Platforms

Windows 11, Windows 10

Detection Tips

  • Monitor UEFI integrity
  • Check for Secure Boot anomalies

MITRE ATT&CK Techniques

T1542, T1562

If You're Infected

  1. 1.

    Update UEFI firmware

  2. 2.

    Re-flash UEFI if infected

  3. 3.

    Seek professional help

Related Malware

Trickbot, Emotet

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices