
UEFI malware discovered, Russians blamed


Security researchers have detected a powerful form of malware that can render a victim's computer practically useless.

New findings from ESET Research describe the “LoJax” malware as a rootkit that embeds itself in a computer’s firmware. That means it can survive the reinstallation of Windows, or even hard disk replacement.

ESET Research says it has been active since at least early 2017. Apparently, it is the first case of an attack leveraging the Unified Extensible Firmware Interface, or UEFI for short.

All hints point towards the Fancy Bear group as the masterminds behind the malware. Fancy Bear, also known as APT 28, is allegedly a Russian, state-sponsored group. If the name rings a bell, it’s most likely because it was linked with the attacks against US conservative groups, the German and French elections in 2016 – 17, and the IAAF.

This is not the first time UEFI has been pointed to as a potential hiding place for malware. Here’s what the report has to say:

“Along with the LoJax agents, tools with the ability to read systems’ UEFI firmware were found, and in one case, this tool was able to dump, patch and overwrite part of the system’s SPI flash memory. This tool’s ultimate goal was to install a malicious UEFI module on a system whose SPI flash memory protections were vulnerable or misconfigured.”


Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.