Revisiting LoJax: The First UEFI Rootkit Found in the Wild
Lessons from Firmware-Level Attacks on Modern Platforms
“To understand the immeasurable, the mind must be extraordinarily quiet, still.”
— Jiddu Krishnamurti
Seeker(李标明) · @clibm079
China · Independent Malware Analyst & Researcher
From 2025.12.3 to 2025.12.17
Prologue: Ever climbing, with poetry to mark the rhythm
Last time, at the end of the article titled “Revisiting SubVirt & Blue Pill: From Attacker Proof-of-Concepts to Defensive Foundations,” I had noted LoJax, the first UEFI firmware rootkit found in the wild, discovered in 2018. Earlier than that, I had consciously collected some relevant malware samples, but I found it very hard to analyze them directly. Later, in the course of malware research, I came to understand the basics of the kernel, ATA IOCTLs, IRPs, loaders, and VM-based techniques. With deep curiosity, I would like to push myself to learn internals, so firmware research seems to be just the next layer down.
With that in mind, I keep moving and collecting more related reports and material to learn from. But I have to move forward step by step; no quick mindset can win. And I wrote a poem to record the rhythm of research and to learn to balance myself, as follows:
Climbing up the Malware Mountain
Walking slowly after supper, on the noisy
street
people, taxis, buses, buildings, trees,
and traffic lights
but the sky without birds, no wind
following me
Anything about “Firmware Research” put
aside
Just continue to walk on the old street.
I had to cross a pedestrian overpass.
sometimes went through the construction
road
The air is full of the dust and unpleasant
noise.
I quickly left there and continued to turn
left and turn right.
And just walked half an hour, finally came
back
to a small and crystal-clear river that
was flowing quietly,
I stayed there and enjoyed
the flower and the plant, the sand and the
fish
Everything is beautiful in my eyes.
The new concepts or knowledge like SMM,
SMI, BIOS_CNTL, BIOSWE, BLE
The Boot Sequence Integrity defines a
strict boot chain:
SEC, PEI, DXE, BDS, and RT
And SPI Flash Write Protection
And UEFI Boot Variables
They were far away in the gentle breeze of
a small river.
Sometimes, watching square dancing
Sometimes, finding a small shop and drinking
a glass of iced herbal tea
Sometimes, walking through the narrow
alley with ancient buildings
And then home again to explore the unknown
And climbing up to the malware mountain as
a seeker
From 2025.11.30 to 2025.12.11
First Impression: Shocked by an Entirely New Unknown
To be honest, it was shocking to me the first time I heard that attackers can plant firmware implants remotely. Many years ago, I never thought I would touch this area.
Even with the previous experience, before I planned to do the research and write-up, LoJax was still a little complex, and it took me weeks to understand what it is, how it can be exploited, and which phase to inject into, and even then the whole thing was not clear. In addition, there were too many concepts to study: legacy BIOS knowledge, the legacy boot process, and the newer evolution, UEFI. With all these new things, I sometimes had to catch up on the history behind a new concept and then go back to move a small step forward. That is nothing special; a similar situation probably happens to most malware analysts and researchers. It really takes time to fill knowledge gaps with limited understanding and cognition.
Yeah, it was not easy for me to understand the ESET report about LoJax with the limited knowledge mentioned above. In order to gain my own insight, I had to put in more effort to make the whole thing clear. I also studied several references, as follows:
1. Attacks on UEFI Security
2. Speed Racer: Exploiting an Intel Flash Protection Race Condition
3. “Rootkits and Bootkits” by Alex Matrosov, Eugene Rodionov, and Sergey Bratus
4. UEFI Firmware Rootkits: Myths and Reality
The above references helped me understand the following:
1. There are multiple layers of protection that prevent arbitrary flash programming attempts.
2. The differences between the legacy BIOS and UEFI boot processes.
3. How UEFI firmware works.
Yes, the main reading is ESET's report, but I needed to be prepared with basic firmware knowledge and an understanding of the extended concepts. It is impossible for me to go forward without obstacles, so I have gotten used to this kind of patience and time.
Note: LoJax is a UEFI firmware-resident rootkit, a term that is historically accurate, with bootkit characteristics arising from its execution during the system boot sequence.
LoJax was NOT a supply-chain attack
When talking about firmware implant attacks, most people think of physical access and supply-chain attacks. A supply-chain attack means the firmware is compromised before the user gets the device: during manufacturing, logistics, or vendor distribution.
LoJax did none of this: no physical access, no supply-chain tampering, and no vendor compromise, and this is an extremely important distinction in firmware security. The attackers never touched the hardware. Everything happened through remote compromise.
LoJax was deployed remotely: the operators first needed an initial remote compromise of the victim machine (ESET attributes the campaign to the Sednit/APT28 group, whose other tools were found on the same systems) and then delivered the LoJax UEFI installer, which reflashed the firmware from inside the running Windows system.
The First Essential Knowledge for Firmware Research
“Firmware research” is very different from common malware research: the full firmware image cannot be shared. There are several reasons:
1. Legal or ownership issues. UEFI firmware contains copyrighted vendor code, and vendors prohibit redistribution of the entire ROM.
2. Machine-unique data. A dumped image carries sensitive information such as system UUIDs, MAC addresses, and the OEM Windows product key (stored in the ACPI MSDM table).
3. Responsible disclosure. Publishing the whole image can expose additional attack surface in the vendor's firmware.
For the above reasons, ESET's report shared the following:
1. The extracted malicious DXE driver (SecDxe)
2. Parts of the toolset (ReWriter_binary.exe)
3. The LoJax dropper and installer tools
4. IOC lists and GUIDs
Figure 1: UEFITool view of the SecDxe DXE driver (from ESET's report).
UEFI Secure Boot: Core Security Mechanisms
Two different things are easy to conflate here. The first is the boot sequence itself: the PI (Platform Initialization) specification defines a strict chain of phases, each of which hands control to the next:
SEC – Security phase
PEI – Pre-EFI Initialization
DXE – Driver Execution Environment
BDS – Boot Device Selection
RT – Runtime services available inside the OS
The second is UEFI Secure Boot, a signature policy enforced during DXE and BDS. Before the firmware executes an image it loads from outside itself (a boot loader on the EFI System Partition, an option ROM on a PCIe card, a driver file on disk), it checks the image's Authenticode signature against the db and dbx variables, so unsigned or revoked code cannot enter the boot flow at that point. Secure Boot does not verify DXE drivers that are already part of the firmware volume in SPI flash; those are dispatched as trusted platform code. The integrity of the flash contents therefore rests on the SPI write protections described below and, where the platform has it, on a hardware root of trust such as Intel Boot Guard that verifies the firmware before executing it.
So, to be precise, LoJax is a DXE-stage rootkit that implements bootkit-style persistence. Its DXE driver is stored in the SPI flash inside the UEFI firmware region and is dispatched during the DXE phase, after SEC and PEI but before the OS loads.
Figure 2: PI Architecture Firmware Phases.
Note: TSL (Transient System Load) is itself a PI Architecture-defined phase.
Critical UEFI Security Components Implicated in LoJax
In the process of extending the research, I noted that Intel Security shared a document titled “Summary of Attacks Against BIOS and Secure Boot” at DEF CON 22 in 2014. I appreciated its “BIOS Attack Surface” slide, so I used it to help me understand which parts map to LoJax, and finally I highlighted the main related features in yellow as follows:
Figure 3: BIOS Attack Surface category from Intel Security.
Here I list only the main directly or indirectly related features, which I explain below:
1. SPI Flash Write Protection (PR0–PR4)
2. BIOS Update
3. Secure Boot (disabled on victims)
4. UEFI Boot Variables (NVRAM Boot#### entries)
Let's go through the above critical UEFI security components one by one.
1. SPI Flash Write Protection. This is the control that matters most for LoJax, whose whole purpose is to write a malicious DXE driver into the BIOS region of the SPI flash. Two independent mechanisms gate that write on Intel platforms. The Protected Range registers (PR0–PR4, in the SPI controller's memory-mapped register space) mark ranges of the flash as read- or write-protected, and once FLOCKDN is set they cannot be changed until the next reset. Separately, the BIOS_CNTL register (PCI configuration offset 0xDC of the LPC bridge) exposes BIOSWE (BIOS Write Enable), BLE (BIOS Lock Enable, which raises an SMI whenever software sets BIOSWE so that the SMM handler can clear it again) and SMM_BWP (SMM BIOS Write Protect, which only allows writes while all cores are in SMM). ESET's analysis of ReWriter_binary.exe shows it reads BIOS_CNTL and branches on what it finds: if BIOSWE is already set, it writes the flash directly; if BLE is set but SMM_BWP is not, it falls back to the “Speed Racer” race condition (CVE-2014-8273) against the SMI handler. A successful infection therefore requires a platform with no PR protection covering the BIOS region and either no lock or only the BLE lock, which can be raced on the affected chipsets; with PR coverage locked down by FLOCKDN or with SMM_BWP set, the write is rejected by the hardware.
2. BIOS Update. LoJax did not go through the vendor's firmware update path at all. ReWriter_binary.exe bundles RwDrv.sys, the signed kernel driver of the RWEverything utility, and uses it to read and write the SPI controller registers and the flash contents directly from Windows, so the dump, modify (insert SecDxe) and reflash cycle runs entirely under the attacker's control.
Figure 4: Code snippet demonstrating UEFI flash modification via a race-condition-based exploit.
Because the race is timing-sensitive, the exploit needs one thread to keep setting BIOSWE while another thread issues the flash write in the window before the SMI handler clears the bit again. ReWriter_binary.exe enumerates physical CPU cores with GetLogicalProcessorInformationEx and pins its threads with SetThreadAffinityMask so that the two sides of the race run on separate cores.
Figure 5: Code snippet for GetLogicalProcessorInformationEx to enumerate physical CPU cores.
3. Secure Boot. ESET's report names Secure Boot as the first line of defense and recommends enabling it, and the victims in this case are described as having Secure Boot disabled or misconfigured. One caveat matters for understanding what it would and would not have stopped. Secure Boot's signature checks apply to images the firmware loads from outside the firmware volume, so it blocks an unsigned boot loader or a tampered file on the EFI System Partition. SecDxe, however, sits inside the firmware volume and is dispatched as platform code, and autoche.exe and rpcnetp.exe are Windows files started by Windows itself, so none of them is an image that Secure Boot inspects. What keeps SecDxe out of the flash is the SPI write protection above, and what would reveal its presence is measured or verified boot (a changed TPM PCR0 on platforms that measure their firmware code, or Intel Boot Guard) rather than the db/dbx policy.
4. UEFI Boot Variables. UEFI stores its boot configuration in NVRAM variables (BootOrder and the Boot#### entries), and tampering with them is a generic way to get an attacker's EFI application loaded at startup; that is why the Intel slide lists them. LoJax's own hook into the boot sequence does not need them: SecDxe registers a notification on the ReadyToBoot event group, which the BDS phase signals immediately before handing control to the OS boot loader. In that callback it locates the Windows volume, writes its two files, and patches the BootExecute value in the SYSTEM registry hive so that Windows runs autoche instead of the normal autochk at startup.
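As an added worked example (not ESET's code and not part of the LoJax toolset), the following Python decodes the registers discussed in item 1 and reports what a LoJax-style flasher would face: PRx coverage of the BIOS region, FLOCKDN, and the BIOSWE/BLE/SMM_BWP branches in BIOS_CNTL. The register layouts are the public Intel PCH ones; the register values, the 8 MiB flash size and the BIOS region bounds are constructed assumptions (on real hardware the region comes from the flash descriptor, and tools such as chipsec read these registers for you).

```python
"""Decode the Intel PCH registers that gate SPI flash writes and report what a
LoJax-style flasher would face on a given platform.

Added illustration, not ESET's code and not part of the LoJax toolset. Register
layouts follow the public Intel PCH documentation (BIOS_CNTL at LPC bridge PCI
config offset 0xDC, PR0-PR4 in the SPI controller MMIO window, FLOCKDN in HSFS
bit 15). All register values below are constructed examples, not readings from
a real machine; the BIOS region bounds are an assumption.
"""
from __future__ import annotations
from dataclasses import dataclass

# BIOS_CNTL bits
BIOSWE = 1 << 0   # BIOS Write Enable: the flash accepts writes while set
BLE = 1 << 1      # BIOS Lock Enable: setting BIOSWE raises an SMI so SMM can clear it
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: writes only while all cores are in SMM

# Assumed BIOS region inside an 8 MiB flash (constructed; real value is in the descriptor)
BIOS_REGION = (0x00400000, 0x007FFFFF)


@dataclass
class ProtectedRange:
    base: int
    limit: int
    write_protect: bool
    read_protect: bool


def decode_pr(raw: int) -> ProtectedRange:
    """PRx layout: bit 31 WPE, bits 28:16 limit (address bits 24:12), bit 15 RPE,
    bits 12:0 base (address bits 24:12). The limit covers its whole 4 KiB page."""
    base = (raw & 0x1FFF) << 12
    limit = (((raw >> 16) & 0x1FFF) << 12) | 0xFFF
    return ProtectedRange(base, limit, bool(raw & (1 << 31)), bool(raw & (1 << 15)))


def region_write_protected(prs: list[ProtectedRange], region=BIOS_REGION) -> bool:
    """True only if write-protected ranges cover every byte of the region, gap-free."""
    ranges = sorted((p.base, p.limit) for p in prs if p.write_protect and p.limit >= p.base)
    pos = region[0]
    for base, limit in ranges:
        if base > pos:
            return False           # uncovered gap before this range
        pos = max(pos, limit + 1)
        if pos > region[1]:
            return True
    return False


def assess(bios_cntl: int, pr_raw: list[int], flockdn: bool, region=BIOS_REGION) -> str:
    """Mirror of the decision a flasher (or a chipsec-style audit) makes.
    The first word of the result is the verdict: protected / weak / race / writable."""
    pr_covers = region_write_protected([decode_pr(r) for r in pr_raw], region)
    if pr_covers and flockdn:
        return "protected: PRx write-protects the BIOS region and FLOCKDN is set"
    if bios_cntl & SMM_BWP:
        return "protected: SMM_BWP set, only SMM code can write the flash"
    if pr_covers:
        return "weak: PRx covers the BIOS region but FLOCKDN is clear, so PRx can be cleared first"
    if bios_cntl & BIOSWE:
        return "writable: BIOSWE already set, direct flash writes succeed"
    if bios_cntl & BLE:
        return "race: BLE set without SMM_BWP, Speed Racer (CVE-2014-8273) race against the SMI handler"
    return "writable: no lock at all, set BIOSWE and write"


# Constructed example: one PR covering exactly the BIOS region, write-protected.
PR_BIOS_FULL = (1 << 31) | (0x7FF << 16) | 0x400   # base 0x400000, limit 0x7FFFFF

if __name__ == "__main__":
    for label, cntl, prs, lock in [
        ("locked platform", BLE | SMM_BWP, [PR_BIOS_FULL], True),
        ("BLE only (LoJax race case)", BLE, [], True),
        ("no protection", 0, [], False),
    ]:
        print(f"{label}: {assess(cntl, prs, lock)}")
```

The ordering in assess() is deliberate: a PR set that is not locked by FLOCKDN is reported as weak rather than protected, because an attacker with the same ring-0 access LoJax had (RwDrv.sys) can clear the PR registers before writing.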
How SecDxe drops payloads before the OS loads
The UEFI specification guarantees only the EFI Simple File System Protocol, and the only file system the firmware is required to understand is FAT; NTFS support is intentionally not part of the specification. However, during the DXE phase, the firmware loads DXE drivers that are free to allocate memory, access raw disk blocks via the Block I/O protocol, install or hook protocols, and implement whatever logic they like.
If a DXE driver implements its own NTFS parser and uses the Block I/O protocol to read and write disk sectors, translating the NTFS on-disk structures ($MFT records, data runs, directory indexes) into file operations, the firmware can effectively access NTFS volumes without native NTFS support.
Back to LoJax: the malicious SecDxe DXE driver embeds a custom NTFS implementation derived from the NTFS driver in Hacking Team's source code, leaked in 2015. This allows SecDxe to perform raw disk access via UEFI Block I/O and write its payloads, the boot-time component autoche.exe and the user-mode agent rpcnetp.exe, into the Windows directories before the operating system loads.
Technique: a Native-subsystem image disguised as an ordinary executable, paired with a user-mode payload running as a Windows service
The extracted SecDxe DXE driver drops rpcnetp.exe and autoche.exe. This happens while the firmware is still in the Boot Device Selection (BDS) phase, before Windows starts. The malicious autoche.exe then runs early in Windows startup, and its job is to set up persistence for the small agent rpcnetp.exe, installing it as a Windows service; rpcnetp.exe can contact a C&C server for remote control and so acts as the backdoor.
autoche.exe is started through the BootExecute mechanism: SecDxe patches the BootExecute value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager from the default “autocheck autochk *” to “autocheck autoche *”, so the Session Manager (smss.exe) runs it in place of the legitimate autochk.exe before any service starts.
The file's PE header declares the Native subsystem rather than the Windows GUI or console subsystem, which is what Figure 6 shows and what led to reading it as a kernel driver with a DriverEntry renamed to .exe. A Windows kernel-mode driver does not have to use the .sys extension, so a detection rule keyed on “*.sys” alone would miss such a file, and an analyst glancing at the name would take it for a user-mode tool. One caveat before concluding “driver”: the Native subsystem value is shared by kernel-mode drivers and by native NT applications (the genuine autochk.exe is one), and BootExecute entries are executed by smss.exe as native user-mode processes, not loaded into the kernel. The deciding evidence is the import table (ntoskrnl.exe and hal.dll for a driver, ntdll.dll for a native application) and the entry-point contract (DriverEntry receiving a DRIVER_OBJECT versus NtProcessStartup), so that is what to check in pe-bear beyond the subsystem field.
Figure 6: autoche.exe is actually a kernel driver.
Note: I'm very happy to have used pe-bear for the “first view.” Since the last time I studied, I have put in real analytical work here. It feels good! Thanks for the amazing tool.
In addition, rpcnetp.exe registers itself with an API like RegisterServiceCtrlHandlerA as a legitimate-looking Windows service, which reduces suspicion at runtime.
Figure 7: Code snippet showing RegisterServiceCtrlHandlerA registering the process with the Windows Service Control Manager (SCM).
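The check just described, as an added example (not the author's pe-bear session and not LoJax code): it reads the PE subsystem from the headers and, as a triage heuristic in the spirit of running `strings`, looks for well-known import DLL names in the file instead of walking the import directory, then classifies the image and flags an extension that does not match the verdict. The two sample images are constructed header stubs built by make_image(), not real malware.

```python
"""Triage a Native-subsystem PE file: kernel-mode driver, native NT application,
or ordinary Win32 image, independent of its file extension.

Added illustration, not the author's analysis session and not LoJax code. Only
the header fields needed are parsed (e_lfanew, COFF Characteristics, optional
header Magic and Subsystem). Import DLL detection is a heuristic string scan,
not a walk of the import directory. Sample images are constructed stubs.
"""
from __future__ import annotations
import struct

IMAGE_SUBSYSTEM_NATIVE = 1
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
IMAGE_FILE_DLL = 0x2000

KERNEL_DLLS = {"ntoskrnl.exe", "hal.dll"}
NATIVE_DLLS = {"ntdll.dll"}
SERVICE_MARKERS = {"advapi32.dll", "RegisterServiceCtrlHandlerA", "RegisterServiceCtrlHandlerW"}


def parse_headers(data: bytes) -> dict:
    """Return magic, COFF characteristics and subsystem from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                     # IMAGE_FILE_HEADER (20 bytes)
    characteristics = struct.unpack_from("<H", data, coff + 18)[0]
    opt = coff + 20                         # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset for PE32 and PE32+
    return {"magic": magic, "characteristics": characteristics, "subsystem": subsystem}


def classify(data: bytes, filename: str) -> dict:
    hdr = parse_headers(data)
    seen = {n for n in KERNEL_DLLS | NATIVE_DLLS | SERVICE_MARKERS if n.encode() in data}
    sub = hdr["subsystem"]
    if sub == IMAGE_SUBSYSTEM_NATIVE:
        if seen & KERNEL_DLLS:
            verdict = "kernel driver"          # DriverEntry contract, loaded by the kernel
        elif seen & NATIVE_DLLS:
            verdict = "native application"     # NtProcessStartup, run by smss.exe (BootExecute)
        else:
            verdict = "native subsystem, imports unresolved"
    elif sub in (IMAGE_SUBSYSTEM_WINDOWS_GUI, IMAGE_SUBSYSTEM_WINDOWS_CUI):
        verdict = "win32 service candidate" if seen & SERVICE_MARKERS else "win32 image"
    else:
        verdict = f"subsystem {sub}"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return {
        "verdict": verdict,
        "subsystem": sub,
        "is_dll": bool(hdr["characteristics"] & IMAGE_FILE_DLL),
        "imports_seen": sorted(seen),
        # a driver named *.exe is the LoJax-style disguise worth flagging
        "extension_mismatch": verdict == "kernel driver" and ext != "sys",
    }


def make_image(subsystem: int, markers: list[str], pe32plus: bool = True) -> bytes:
    """Constructed PE header stub (not loadable) with marker strings appended."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 68, subsystem)
    body = b"\0".join(m.encode() for m in markers) + b"\0"
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body


if __name__ == "__main__":
    print(classify(make_image(1, ["ntoskrnl.exe", "hal.dll"]), "autoche.exe"))
    print(classify(make_image(1, ["ntdll.dll"]), "autochk.exe"))
    print(classify(make_image(3, ["advapi32.dll", "RegisterServiceCtrlHandlerA"]), "rpcnetp.exe"))
```

On a real sample, replace the string scan with a proper import-table walk (pefile's DIRECTORY_ENTRY_IMPORT) before trusting the verdict; the subsystem field alone never distinguishes a driver from a native application.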
LoJax: A Simplified Technical Summary
According to the above analysis, here is a simplified technical summary.
LoJax is the first UEFI firmware rootkit publicly discovered in use in the wild, reported in 2018. It achieves persistence at the firmware level, and it is not a supply-chain or physical-access attack: the victims were compromised remotely.
On the victim machine (reported as having Secure Boot disabled or misconfigured), the installer first checks the platform's SPI flash protections; where BIOSWE was writable, or BLE was set without SMM_BWP and could be raced, it wrote a modified firmware image containing SecDxe back to the flash. The infected firmware then drops the Windows-side components before the OS loads; the boot-time component sets up the user-mode payload, and the user-mode payload maintains C2 and tooling.
The process is as follows: the malicious SecDxe DXE driver drops autoche.exe and the user-mode payload rpcnetp.exe during early boot and points the BootExecute registry value at autoche. Despite its .exe extension, autoche.exe is a Native-subsystem image rather than an ordinary Win32 program; it ensures persistent execution of the rpcnetp.exe agent, which connects to a C&C server for remote control.
Figure 8: A simplified flowchart.
This represents cross-layer execution spanning user mode, kernel, boot, firmware, and ultimately hardware, reflecting an attacker mindset focused on persistence depth, visibility evasion, and trust-boundary abuse. Such implants are especially dangerous because they execute before the operating system, survive OS reinstallation, and persist even across disk replacement, since the implant lives in the SPI flash on the motherboard rather than on the disk.
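One host-side check that follows from the summary, as an added example (not ESET's or the author's code): decode the Session Manager BootExecute value, which is a REG_MULTI_SZ (UTF-16LE strings, NUL-separated, double-NUL terminated), and flag anything other than the stock “autocheck autochk *”, including lookalike program names such as autoche. The raw values are constructed here; on a live system the same bytes come from the registry or from an offline SYSTEM hive, and the allowlist of legitimate native programs is an assumption to extend for your own images.

```python
"""Check the Session Manager BootExecute value for the substitution LoJax makes
(autochk -> autoche).

Added illustration, not ESET's or the author's code. Input is the raw
REG_MULTI_SZ blob of
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\BootExecute;
the blobs used below are constructed. "autocheck autochk *" is the documented
Windows default; KNOWN_NATIVE_PROGRAMS is an assumed allowlist.
"""
from __future__ import annotations
import difflib

DEFAULT_BOOT_EXECUTE = "autocheck autochk *"
KNOWN_NATIVE_PROGRAMS = {"autochk"}   # assumption: add native apps your builds legitimately run


def parse_multi_sz(raw: bytes) -> list[str]:
    """REG_MULTI_SZ: UTF-16LE strings separated by NUL, terminated by a double NUL."""
    return [s for s in raw.decode("utf-16-le").split("\0") if s]


def encode_multi_sz(entries: list[str]) -> bytes:
    """Inverse of parse_multi_sz, used here to build constructed test input."""
    return ("\0".join(entries) + "\0\0").encode("utf-16-le")


def program_of(entry: str) -> str:
    """'autocheck autochk *' -> 'autochk'; 'evil.exe' -> 'evil'."""
    tokens = entry.split()
    program = tokens[1] if tokens[0].lower() == "autocheck" and len(tokens) > 1 else tokens[0]
    program = program.lower()
    return program[:-4] if program.endswith(".exe") else program


def check_boot_execute(entries: list[str]) -> list[str]:
    """Return human-readable findings; an empty list means the value looks stock."""
    findings: list[str] = []
    if entries != [DEFAULT_BOOT_EXECUTE]:
        findings.append(f"non-default BootExecute: {entries!r}")
    for entry in entries:
        if not entry.strip():
            continue
        program = program_of(entry)
        if program in KNOWN_NATIVE_PROGRAMS:
            continue
        near = difflib.get_close_matches(program, sorted(KNOWN_NATIVE_PROGRAMS), n=1, cutoff=0.8)
        if near:
            findings.append(f"lookalike program '{program}' (resembles '{near[0]}') in entry {entry!r}")
        else:
            findings.append(f"unexpected program '{program}' in entry {entry!r}")
    return findings


if __name__ == "__main__":
    clean = encode_multi_sz(["autocheck autochk *"])            # constructed stock value
    tampered = encode_multi_sz(["autocheck autoche *"])         # constructed LoJax-style value
    for raw in (clean, tampered):
        print(check_boot_execute(parse_multi_sz(raw)) or "stock BootExecute")
```

Pair this with a hash check of %SystemRoot%\System32\autochk.exe and a search for rpcnetp.exe and autoche.exe in System32; a finding here is a strong signal, but the firmware itself still has to be dumped and diffed against the vendor image to confirm a LoJax-class implant.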
Observations from my personal perspective
LoJax is not a supply-chain attack with physical access; it exploits systems remotely. But the same kind of implant can also be planted with physical access, which hugely expands the whole attack surface and makes attacks more complex. Undoubtedly, top-tier APTs naturally pay more attention to firmware research.
In the process of firmware research, in addition to LoJax, the main confirmed DXE-stage implants I came across are MoonBounce, MosaicRegressor, and so on. At the same time I started to touch new things like SMM rootkits, Intel ME/CSME rootkits, Option ROM rootkits, and more. This evidence seems to indicate that firmware research is a vast unknown for me to explore, and one day we will have to learn more about CPU modes as well. In fact, more challenges are on the way.
At the firmware and pre-OS layers, attacker capabilities generally outpace current defensive visibility, underscoring how much of the threat landscape remains undocumented.
I just strongly feel that I know very little, and here I have only done a very limited revisiting. Thanks to ESET and to the many authors and security teams behind all the references for sharing their amazing work; without it, it would take me far more energy and time to study and research.
Finally, LoJax appeared seven years ago, and revisiting it today makes one thing clear: the attackers were already far ahead of me, highlighting just how much knowledge this domain demands.
Epilogue: What This Exploration Taught Me
1. The structure of the computer is always being improved; attack and defense reinforce each other.
2. The original motivation was to improve the structure by replacing legacy BIOS with UEFI, but this generated new problems in the process, which we then remediate again; this tells us that the biggest vulnerability is the human mindset.
3. More of the unknown opens up to me, and I just feel I have fallen far behind. I am still in a period where security lags behind the attackers.
4. Depth really takes time and patience. You do a lot of groundwork at the start, and the same level of preparation persists, because research is a continuous process, and so is improving it.
5. Researching firmware has renewed my profound sense of how little I truly know.
6. Top-tier APT operations are characterized by cross-layer design and thinking, spanning user space, kernel space, boot, firmware, and ultimately hardware, rather than relying solely on multi-stage user-mode payload delivery.
Annotation: Wherever I wrote and used the words “you,” “your,” or “yourself,” they were addressed to me or to the malware sample itself, especially in my poem, not to the reader. I must clarify my motivation.
GLOSSARY
Recorded during the firmware research. Not strictly relevant to this report's focus; just sharing.
ACM: Authenticated Code Module
ACPI: Advanced Configuration and Power Interface
CHS: Cylinder-Head-Sector
COFF: Common Object File Format
CSM: Compatibility Support Module
db: Secure Boot authorized signature database
dbx: Secure Boot forbidden (revoked) signature database
DMA: Direct Memory Access
DRTM: Dynamic Root of Trust for Measurement
DXE: Driver Execution Environment
EBC: EFI Byte Code
EFI: Extensible Firmware Interface
ESP: EFI System Partition
FDATA: Flash Data registers (SPI controller)
FFS: Firmware File System
FLOCKDN: Flash Configuration Lock-Down
FV: Firmware Volume
GPT: GUID Partition Table
HOB: Hand-Off Block
KEK: Key Exchange Key
KPP: Kernel Patch Protection (PatchGuard)
LBA: Logical Block Addressing
MBR: Master Boot Record
MLE: Measured Launch Environment
NVRAM: Non-Volatile Random Access Memory
OROM: Option ROM
PCR: Platform Configuration Register (TPM)
PI: Platform Initialization
PK: Platform Key
PR: Protected Range (SPI flash protection register)
RBU: Remote BIOS Update
SCM: Service Control Manager
SPIBAR: SPI Base Address Register
SRTM: Static Root of Trust for Measurement
TBOOT: Trusted Boot
TE: Terse Executable
TPM: Trusted Platform Module
TSL: Transient System Load
TXT: Trusted Execution Technology
UEFI: Unified Extensible Firmware Interface
VBR: Volume Boot Record
VMK: Volume Master Key (BitLocker)
WinRE: Windows Recovery Environment
References
[1]. ESET Research, “LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group,” September 2018. [Online]. Available: https://web-assets.esetstatic.com/wls/2018/09/Eset-LoJax.pdf
[2]. C. Kallenberg and R. Wojtczuk, “Speed Racer: Exploiting an Intel Flash Protection Race Condition,” January 2015. [Online]. Available: https://bromiumlabs.files.wordpress.com/2015/01/speed_racer_whitepaper.pdf
[3]. A. Matrosov and E. Rodionov, “UEFI Firmware Rootkits: Myths and Reality,” Black Hat Asia, 2017. [Online]. Available: https://www.blackhat.com/docs/asia-17/materials/asia-17-Matrosov-The-UEFI-Firmware-Rootkits-Myths-And-Reality.pdf
[4]. A. Matrosov, E. Rodionov, and S. Bratus, Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats, No Starch Press, 2019. [Online]. Available: https://www.amazon.com.au/dp/1593277164?ref_=mr_referred_us_au_au
[5]. R. Wojtczuk and C. Kallenberg, “Attacks on UEFI Security,” 31C3, 2014. [Online]. Available: https://fahrplan.events.ccc.de/congress/2014/Fahrplan/system/attachments/2557/original/AttacksOnUEFI_Slides.pdf
[6]. Y. Bulygin, O. Bazhaniuk, A. Furtak, and J. Loucaides, “Summary of Attacks Against BIOS and Secure Boot,” DEF CON 22, 2014. [Online]. Available: https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20presentations/DEF%20CON%2022%20-%20Bulygin-Bazhaniul-Furtak-Loucaides-Summary-of-attacks-against-BIOS-UPDATED.pdf
[7]. UEFI Forum, PI Specification 1.8, “Overview” (PI Architecture Firmware Phases). [Online]. Available: https://uefi.org/specs/PI/1.8/V2_Overview.html
Figure 9:
Rootkits and Bootkits: Reversing Modern Malware and Next
Generation Threats
End of Report
──────────────────────
Seeker(李标明) · @clibm079
China · Independent Malware
Analyst & Researcher
Labels: #BootKit, #Firmware, #LoJax, #rootkit, #SecureBoot, #UEFI