Skip to main content
  1. Home
  2. Computing
  3. News

‘LoJax’ rootkit malware can infect UEFI, a core computer interface

By
Hacker with Computer
Bill Hinton/Getty Images

Modern computers utilize what is known as a Unified Extensible Firmware Interface (UEFI) to get up and running. When you press the power button on your Mac or PC, the UEFI begins communicating with your computer’s hardware and your operating system of choice, whether that be MacOS, Windows, or Linux. However, in a terrifying turn of events, ESET researchers have discovered a malicious piece of software, a rootkit, that burrows into your UEFI and is nearly impossible to get rid of, even when detected.

Rootkits are malicious bits of computer software that can infect a user’s machine and gain access to areas that are typically off-limits, such a private user data or protected system files. While the concept of rootkits taking advantage of a computer’s UEFI isn’t new, this is the first time that a sample has been detected in the wild.

Recommended Videos

The UEFI rootkit, code-named LoJax, takes advantage of a legitimate software designed by the Canadian company, Absolute Software. The security company offers an anti-theft solution for computers known as LoJack, which can assist victims in locating their stolen property. One of LoJack’s most exceptional features is its ability to stay present on a machine when the operating system is reinstalled, and the now malicious LoJax variation has taken keen advantage of that function.

Related

LoJax has been shown to be the child of cyber espionage and hacking group Fancy Bear. Typically acknowledged as a product of the Russian military intelligence agency, GRU, the group has been behind many prominent attacks including those in the German parliament, the White House, NATO, the Democratic National Committee, and the International Olympic Committee.

What makes a UEFI rootkit particularly dangerous when compared to a standard rootkit is its ability to survive. Not only can LoJax gain access to restricted files on a user’s machine, but it can withstand the digital equivalent of a complete holocaust. Due to the way in which the rootkit attaches to a machine’s SPI flash memory, the chip in which a computer’s UEFI is kept, wiping your internal drive, or even completely replacing it, won’t get rid of it.

The LoJax rootkit can only be removed from a system by either reprogramming the SPI flash memory, a very delicate and complex operation, or by completely swapping out the motherboard. Individuals can help to keep themselves safe against the attack by ensuring that their machines have Secure Boot enabled; this prevents unauthorized firmware on your UEFI from booting your computer.

Editors' Recommendations

Topics
Michael Archambault
Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
The HP Victus gaming PC with RTX 3060 has a $550 discount
The HP Victus 15L gaming PC in white.

Gamers don't need to spend more than $1,000 if they want to buy a new gaming PC because there are affordable options like the HP Victus 15L gaming desktop. From its original price of $1,400, you can get it for just $850 as HP has applied a $550 discount on this machine. However, you shouldn't delay your purchase because there's no assurance that the gaming PC will still be 39% off tomorrow. If you want to make sure that you get it for less than $1,000, you're going to have to complete the transaction for it within the day.

Why you should buy the HP Victus 15L gaming desktop
You shouldn't expect the HP Victus 15L gaming desktop to match the performance of the top-of-the-line models of the best gaming PCs, but it's surprisingly powerful for its cost. Inside it are the 13th-generation Intel Core i7 processor and the Nvidia GeForce RTX 3060 graphics card, with 16GB of RAM that our guide on how much RAM do you need says is the best place to start for gaming. It's enough to play today's best PC games without any issues, and it may even be capable of running the upcoming PC games of the next few years if you're willing to dial down the settings for the more demanding titles.

Read more
This 17-inch HP laptop is on sale for just $300 — but hurry!
The HP 17t-cn300 17.3-inch laptop against a white background.

If you want to buy a laptop with a relatively large screen, the good news is that you don't have to break the bank with your purchase because you can get the HP Laptop 17t for a very affordable $300. It's on sale from HP with a $200 discount on its original price of $500, but there's no telling how much time is remaining before this offer expires. We don't think it will stay available for long because laptop deals like this almost always get sold out quickly, so complete the transaction as soon as possible to make sure that you don't miss out on the savings.

Why you should buy the HP Laptop 17t
With the 17.3-inch display of the HP Laptop 17t, you'll have a lot of screen real estate to work on your projects and watch streaming shows. It's pretty affordable for a laptop with this large screen, which offers HD+ resolution for sharp details and vibrant colors. However, despite its big display, the HP Laptop 17t maintains portability because it's only 0.78 of an inch thick, which makes it easy to slide into your bag when you're on the go, and it won't be too heavy to carry around because it only weighs about 4.6 pounds.

Read more
What to do if your Intel CPU keeps crashing
Pins on Core i9-12900K.

Despite being among the best processors you can buy, some high-end Intel CPUs have faced a wave of instability over the past few months. Intel is investigating the problem, but the company and its motherboard partners have already worked toward some temporary fixes to improve stability on high-end Intel CPUs -- even if it comes at a performance cost.

Before getting into the fixes, keep in mind that they are temporary. Intel will release a statement on the instability soon, likely with more direct guidance on what affected users should do. In addition, the scope of the problem isn't clear -- if you're not experiencing issues, you shouldn't have anything to worry about.
Who's affected

Read more