Skip to main content

‘LoJax’ rootkit malware can infect UEFI, a core computer interface

Hacker with Computer
Bill Hinton/Getty Images

Modern computers utilize what is known as a Unified Extensible Firmware Interface (UEFI) to get up and running. When you press the power button on your Mac or PC, the UEFI begins communicating with your computer’s hardware and your operating system of choice, whether that be MacOS, Windows, or Linux. However, in a terrifying turn of events, ESET researchers have discovered a malicious piece of software, a rootkit, that burrows into your UEFI and is nearly impossible to get rid of, even when detected.

Rootkits are malicious bits of computer software that can infect a user’s machine and gain access to areas that are typically off-limits, such a private user data or protected system files. While the concept of rootkits taking advantage of a computer’s UEFI isn’t new, this is the first time that a sample has been detected in the wild.

Recommended Videos

The UEFI rootkit, code-named LoJax, takes advantage of a legitimate software designed by the Canadian company, Absolute Software. The security company offers an anti-theft solution for computers known as LoJack, which can assist victims in locating their stolen property. One of LoJack’s most exceptional features is its ability to stay present on a machine when the operating system is reinstalled, and the now malicious LoJax variation has taken keen advantage of that function.

Please enable Javascript to view this content

LoJax has been shown to be the child of cyber espionage and hacking group Fancy Bear. Typically acknowledged as a product of the Russian military intelligence agency, GRU, the group has been behind many prominent attacks including those in the German parliament, the White House, NATO, the Democratic National Committee, and the International Olympic Committee.

What makes a UEFI rootkit particularly dangerous when compared to a standard rootkit is its ability to survive. Not only can LoJax gain access to restricted files on a user’s machine, but it can withstand the digital equivalent of a complete holocaust. Due to the way in which the rootkit attaches to a machine’s SPI flash memory, the chip in which a computer’s UEFI is kept, wiping your internal drive, or even completely replacing it, won’t get rid of it.

The LoJax rootkit can only be removed from a system by either reprogramming the SPI flash memory, a very delicate and complex operation, or by completely swapping out the motherboard. Individuals can help to keep themselves safe against the attack by ensuring that their machines have Secure Boot enabled; this prevents unauthorized firmware on your UEFI from booting your computer.

Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
Elon Musk says Grok 3 will outperform ChatGPT, DeepSeek in the coming weeks
Grok app on an iPhone.

Elon Musk has confirmed that his AI chatbot, Grok 3 is currently being finalized and will be available in the next one to two weeks, according to Reuters.

Speaking in a video call addressing the World Governments Summit in Dubai Musk described the AI tool as “scary smart.”

Read more
Presidents’ Day Dell Deals: XPS, G16, monitors and more on sale
The Dell XPS 14 open on a wooden table.

Presidents' Day is a nice three-day reprieve from work, and it's also a nice excuse to do some shopping. And Dell is certainly ready, with business laptops, monitors, and more discounted on their website and across Amazon. We've picked out our favorite deals, largely from the best Dell products out there -- and products we've personally reviewed or have hands-on experiences with. Here, we present that list to you so you can get some of the best laptop deals and monitor deals around. Remember that as these deals are coming out around the Presidents' Day holiday (though not all of them have explicit "Presidents' Day" markings) they very well might end soon, so plan your purchases accordingly.
Dell S2425HS Monitor — $110 $140 21% off

This sleek monitor with a modern look has integrated speakers, a 100Hz refresh rate, and a 4-star TÜV Rheinland eye comfort rating. The 24-inch Dell S2425HS is a great second monitor for your home office or second study. You won't find many monitor deals with a price lower than the starting price of $140 that this one sports, much less the reduced $110.

Read more
1Password vs. NordPass: which password manager is best in 2025?
1Password and NordPass reviews appear beside one another on a PC monitor.

1Password and NordPass are among the most popular and best password managers available. Both offer significant improvements over the built-in solutions you get from Microsoft, Apple, and Google, making it hard to choose between them.

I've reviewed the latest versions of 1Password and NordPass in 2025 and can share some insights into the differences and compare prices to help you discover which offers the best value for you.
Specs

Read more