Diving Into Glupteba's UEFI Bootkit
released on 2024-02-13 @ 12:54:56 AM
This article describes the infection chain of a new Glupteba malware campaign that took place around November 2023. The analysis reveals Glupteba's use of an undocumented UEFI bootkit that can intervene in and control the OS boot process, enabling Glupteba to hide itself and establish stealthy persistence. The identification of this novel UEFI bypass technique underscores Glupteba's capacity for innovation and evasion, which poses a significant detection challenge.