Warning UEFI rootkit

Posted: Fri Sep 28, 2018 11:25 pm
by Mauser
LoJax is a UEFI rootkit. Here is the link about it. ... lware.html

Re: Warning UEFI rootkit

Posted: Sat Sep 29, 2018 12:05 am
by timkb4cq
Reading through the linked White Paper, it looks like a purely Windows implementation based on an old version of LoJack or its predecessor Computrace, which was factory installed in many laptops.
It has to be customized for the particular UEFI implementation, so while it's technically "in the wild" it appears to be a targeted hack rather than a large scale "build a botnet" kind of attack.
Since it tries to find an NTFS partition to load Windows .exe files from during the boot process, even if a Linux user managed to get infected while running Windows, the infection couldn't actually run (although I see how it could potentially prevent booting up), and a motherboard firmware reload/upgrade would be required to remove the infection.

Interesting, but not terribly relevant for MX as it currently stands.
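As an added illustration of the "find an NTFS partition" step described in the post above (example code written for this thread, not taken from the post or from the LoJax white paper): a firmware-resident component that wants to drop a Windows executable has to locate the NTFS volume itself, because there is no operating system yet to ask. The script below walks a classic MBR partition table and identifies NTFS volumes by the "NTFS    " OEM ID in their boot sector. The disk image is constructed inline (one NTFS partition, one Linux partition) so it runs offline; the use of an MBR rather than GPT layout is an assumption made for brevity, the post does not say which table the rootkit parses.

```python
import struct

SECTOR = 512


def parse_mbr_partitions(disk: bytes):
    """Return the non-empty primary entries of a classic MBR partition table.

    Each 16-byte entry: status(1) CHS-start(3) type(1) CHS-end(3)
    LBA-start(4, LE) sector-count(4, LE). The table starts at offset 446.
    """
    if len(disk) < SECTOR or disk[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature at offset 510")
    parts = []
    for i in range(4):
        entry = disk[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 or sectors == 0:
            continue  # unused slot
        parts.append({"index": i, "type": ptype, "lba": lba_start, "sectors": sectors})
    return parts


def is_ntfs(disk: bytes, lba: int) -> bool:
    """An NTFS volume's first sector carries the OEM ID 'NTFS    ' at offset 3
    and the 0x55AA signature at offset 510; the partition type byte alone is
    not trusted because type 0x07 is shared with other Microsoft filesystems."""
    off = lba * SECTOR
    bs = disk[off: off + SECTOR]
    return len(bs) == SECTOR and bs[3:11] == b"NTFS    " and bs[510:512] == b"\x55\xaa"


def find_ntfs_partitions(disk: bytes):
    """Partitions whose boot sector identifies them as NTFS."""
    return [p for p in parse_mbr_partitions(disk) if is_ntfs(disk, p["lba"])]


def build_sample_disk() -> bytes:
    """Constructed 8-sector test image (assumption, not a real dump):
    entry 0: type 0x07 at LBA 2, 2 sectors, with an NTFS boot sector;
    entry 1: type 0x83 (Linux) at LBA 4, 4 sectors, no NTFS signature."""
    img = bytearray(SECTOR * 8)
    struct.pack_into("<BBBBBBBBII", img, 446, 0x80, 0, 0, 0, 0x07, 0, 0, 0, 2, 2)
    struct.pack_into("<BBBBBBBBII", img, 462, 0x00, 0, 0, 0, 0x83, 0, 0, 0, 4, 4)
    img[510:512] = b"\x55\xaa"
    ntfs = bytearray(SECTOR)
    ntfs[0:3] = b"\xeb\x52\x90"      # jump instruction found at the start of an NTFS boot sector
    ntfs[3:11] = b"NTFS    "
    ntfs[510:512] = b"\x55\xaa"
    img[2 * SECTOR: 3 * SECTOR] = ntfs
    return bytes(img)


if __name__ == "__main__":
    disk = build_sample_disk()
    for p in parse_mbr_partitions(disk):
        tag = "NTFS" if is_ntfs(disk, p["lba"]) else "not NTFS"
        print(f"entry {p['index']}: type 0x{p['type']:02x} lba {p['lba']} -> {tag}")
```

On a real machine the same question is answered from Linux with `lsblk -f` (look for an `ntfs` entry in the FSTYPE column); a Linux-only disk with no NTFS volume gives the dropper nowhere to write its payload, which is the point timkb4cq makes above, while the firmware-resident part remains present until the flash is rewritten.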