Warning UEFI rootkit
LoJax is a UEFI rootkit. Here is the link about it. https://thehackernews.com/2018/09/uefi- ... lware.html
I am command line illiterate. I copy & paste to the terminal. Liars, Wiseguys, Trolls, and those without manners will be added to my ignore list.
Re: Warning UEFI rootkit
Reading through the linked White Paper, it looks like a purely Windows implementation based on an old version of LoJack or its predecessor Computrace which was factory installed in many laptops.
It has to be customized for the particular UEFI implementation so while it's technically "in the wild" it appears to be a targeted hack rather than a large scale "build a botnet" kind of attack.
Since it tries to find an NTFS partition to load Windows .exe files from during the boot process, even if a Linux user managed to get infected while running Windows the infection couldn't actually run - although I see how it could potentially prevent booting up - and a motherboard firmware reload/upgrade would be required to remove the infection.
Interesting, but not terribly relevant for MX as it currently stands.
HP Pavilion TP01, AMD Ryzen 3 5300G (quad core), Crucial 500GB SSD, Toshiba 6TB 7200rpm
Dell Inspiron 15, AMD Ryzen 7 2700u (quad core). Sabrent 500GB nvme, Seagate 1TB