Headlines UEFI UH OH - First UEFI malware discovered in wild is laptop security software hijacked by Russians



"ESET Research has published a paper detailing the discovery of a malware campaign that used repurposed commercial software to create a backdoor in computers’ firmware—a “rootkit,” active since at least early 2017 and capable of surviving the re-installation of the Windows operating system or even hard drive replacement. While the malware had been spotted previously, ESET’s research is the first to show that it was actively attacking the firmware of computers to establish a tenacious foothold.

Dubbed “LoJax,” the malware is the first case of an attack leveraging the Unified Extensible Firmware Interface (UEFI) boot system being used in an attack by an adversary. And based on the way the malware was spread, it is highly likely that it was authored by the Sednit/Fancy Bear/APT 28 threat group—the Russian state-sponsored operation tied by US intelligence and law enforcement to the cyber-attack on the Democratic National Committee."


“Along with the LoJax agents,” ESET researchers noted, “tools with the ability to read systems’ UEFI firmware were found, and in one case, this tool was able to dump, patch and overwrite part of the system’s SPI flash memory. This tool’s ultimate goal was to install a malicious UEFI module on a system whose SPI flash memory protections were vulnerable or misconfigured.”

More @
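The ESET quote above says the dumping tool only succeeded on systems whose SPI flash protections were "vulnerable or misconfigured". The check a defender would want is a read of the PCH flash-protection registers and a verdict on whether the OS could write to the BIOS region at all. The following is an added example for this thread, not code from ESET, Ars Technica or the LoJax analysis; register and bit names (BIOS_CNTL with BIOSWE bit 0, BLE bit 1, SMM_BWP bit 5; HSFS with FLOCKDN bit 15) follow Intel PCH datasheets, the verdict rules mirror what firmware-audit tooling such as chipsec reports, and the register values fed in are constructed samples because reading the live registers needs privileged access.

```python
"""Decode Intel PCH SPI-flash write-protection bits and give a verdict.

Added example, not code from ESET or the article. Bit positions follow Intel
PCH datasheets; the live register values must come from privileged tooling
(e.g. chipsec), so the values used in main() are constructed samples.
"""
from dataclasses import dataclass, field
from typing import List

# BIOS_CNTL (BIOS Control register) bits
BIOSWE = 1 << 0    # BIOS Write Enable: 1 = BIOS region writable from the OS
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI so firmware can clear it
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes honoured only while the CPU is in SMM
# HSFS (Hardware Sequencing Flash Status) bits
FLOCKDN = 1 << 15  # Flash Configuration Lock-Down: protected-range registers are frozen


@dataclass
class FlashProtection:
    bioswe: bool
    ble: bool
    smm_bwp: bool
    flockdn: bool
    verdict: str                      # PROTECTED, WEAK or WRITABLE
    findings: List[str] = field(default_factory=list)


def assess(bios_cntl: int, hsfs: int) -> FlashProtection:
    """Classify the BIOS region's write protection from two register values."""
    bioswe = bool(bios_cntl & BIOSWE)
    ble = bool(bios_cntl & BLE)
    smm_bwp = bool(bios_cntl & SMM_BWP)
    flockdn = bool(hsfs & FLOCKDN)
    findings: List[str] = []

    if bioswe:
        # Write enable already set: any ring-0 code can program the flash.
        verdict = "WRITABLE"
        findings.append("BIOSWE is set: BIOS region is writable from the OS")
    elif ble and smm_bwp:
        # Lock bit plus SMM enforcement is the configuration audit tools accept.
        verdict = "PROTECTED"
    elif ble:
        # BLE alone relies on the SMI handler racing the write; audit tools
        # flag this as weak rather than protected.
        verdict = "WEAK"
        findings.append("BLE set without SMM_BWP: lock is not SMM-enforced")
    else:
        # No lock at all: ring-0 code can simply set BIOSWE and then write.
        verdict = "WRITABLE"
        findings.append("BLE clear: BIOSWE can be set by the OS at will")

    if not flockdn:
        findings.append("FLOCKDN clear: protected-range registers are not locked")

    return FlashProtection(bioswe, ble, smm_bwp, flockdn, verdict, findings)


def report(name: str, bios_cntl: int, hsfs: int) -> str:
    """One-line summary suitable for a fleet inventory or a ticket."""
    r = assess(bios_cntl, hsfs)
    detail = "; ".join(r.findings) if r.findings else "no findings"
    return f"{name}: BIOS_CNTL=0x{bios_cntl:02x} HSFS=0x{hsfs:04x} -> {r.verdict} ({detail})"


def main() -> None:
    # Constructed sample register values, not readings from any real machine.
    samples = [
        ("misconfigured-host", 0x01, 0x0000),  # BIOSWE set, nothing locked
        ("half-locked-host", 0x02, 0x8000),    # BLE only, FLOCKDN set
        ("hardened-host", 0x2A, 0x8000),       # BLE + SMM_BWP, FLOCKDN set
    ]
    for name, bios_cntl, hsfs in samples:
        print(report(name, bios_cntl, hsfs))


if __name__ == "__main__":
    main()
```

The decoder is deliberately separate from register acquisition: on a real fleet the two integers come from whatever privileged reader the organisation already trusts, and the verdicts and findings are what get collected and alerted on when a host reports WRITABLE or WEAK.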


Fresh Meat
Survive hard drive replacement?? Wtf is that supposed to mean? I trust ESET, but this just sounds like some antivirus slipped up and some Russian guys took advantage of it to fuck with some BIOS settings. Not that crucial. And a big 🖓 to the DNC anyhow. After all, plutonium 1 deal... yeah, you know... that's much scarier. Imagine if she was president... uuuggghh.