WTF?! BlackLotus was first discovered in October 2022, and it has since been described as one of the most complex and dangerous threats against the secure Windows boot process. The bootkit will likely become even more dangerous in the near future, as a modified version of its source code is now available for download to all.
What just happened? Months after researchers discovered the dangerous, "invisible" threat posed by BlackLotus, Microsoft is now giving investigators and sysadmins detailed guidance on the telltale signs of an ongoing infection.
Why it matters: "BlackLotus" is being offered on underground forums as an all-powerful firmware rootkit, capable of surviving any removal effort and bypassing the most advanced Windows protections. If actual malware samples can prove the offer is real, of course.