Malware
UEFI Rootkit
Also known as: UEFI implant, EFI bootkit
Definition
A rootkit implanted in UEFI firmware that loads before the OS, persists across disk wipes, and bypasses most endpoint security.
Examples
- LoJax, the first publicly known in-the-wild UEFI rootkit.
- MoonBounce and BlackLotus UEFI bootkits targeting enterprises.
Related terms
BIOS Rootkit
A rootkit that infects legacy BIOS firmware so it executes before the operating system, achieving deep persistence below the OS.
Firmware Malware
Malicious code that lives in device firmware — BIOS/UEFI, network cards, drives, or peripherals — surviving OS reinstalls and most endpoint defences.
Rootkit
Stealth malware that grants and hides privileged access to an operating system or device, evading detection by standard tools.
Bootkit
Malware that infects the boot process — MBR, VBR, or UEFI — to load before the operating system and obtain persistent, privileged control.
Advanced Persistent Threat (APT)
Supply Chain Attack
An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.