Warning UEFI rootkit

Post by Mauser » Fri Sep 28, 2018 11:25 pm

LoJax is a UEFI rootkit. Here is the link about it: https://thehackernews.com/2018/09/uefi- ... lware.html
I am command line illiterate. :confused:


Re: Warning UEFI rootkit


Post by timkb4cq » Sat Sep 29, 2018 12:05 am

Reading through the linked White Paper, it looks like a purely Windows implementation based on an old version of LoJack or its predecessor Computrace, which was factory installed in many laptops.
It has to be customized for the particular UEFI implementation, so while it's technically "in the wild" it appears to be a targeted hack rather than a large scale "build a botnet" kind of attack.
Since it tries to find an NTFS partition to load Windows .exe files from during the boot process, even if a Linux user managed to get infected while running Windows, the infection couldn't actually run - although I see how it could potentially prevent booting up - and a motherboard firmware reload/upgrade would be required to remove the infection.

Interesting, but not terribly relevant for MX as it currently stands.
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB
