Warning UEFI rootkit

Mauser
Forum Regular
Posts: 638
Joined: Mon Jun 27, 2016 7:32 pm

#1 Post by Mauser » Fri Sep 28, 2018 11:25 pm

LoJax is a UEFI rootkit. Here is the link about it. https://thehackernews.com/2018/09/uefi- ... lware.html

timkb4cq
Forum Veteran
Posts: 4378
Joined: Wed Jul 12, 2006 4:05 pm

Re: Warning UEFI rootkit

#2 Post by timkb4cq » Sat Sep 29, 2018 12:05 am

Reading through the linked White Paper, it looks like a purely Windows implementation based on an old version of LoJack or its predecessor Computrace, which was factory installed in many laptops.
It has to be customized for the particular UEFI implementation, so while it's technically "in the wild" it appears to be a targeted hack rather than a large scale "build a botnet" kind of attack.
Since it tries to find an NTFS partition to load Windows .exe files from during the boot process, even if a Linux user managed to get infected while running Windows the infection couldn't actually run - although I see how it could potentially prevent booting up - and a motherboard firmware reload/upgrade would be required to remove the infection.

Interesting, but not terribly relevant for MX as it currently stands.
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB
