New ‘Shade BIOS’ Technique Beats Every Kind of Security www.darkreading.com/endpoint-…
Researchers have developed a method for running malware in a computer’s BIOS — a place where no security software can reach.
At Black Hat 2025, Kazuki Matsuo, a security researcher at FFRI Security, will detail the technique he and his colleagues call “Shade BIOS.” Unlike traditional UEFI rootkits and bootkits, Shade BIOS requires essentially zero interaction with an operating system (OS). Thus, it allows an attacker to perform malicious functions from beyond where any antivirus, endpoint or extended detection and response (EDR/XDR), or operating system security tools can see or touch.
The Unified Extensible Firmware Interface (UEFI), successor to the Basic Input/Output System (BIOS), is an industry-wide specification for connecting a computer’s firmware with its operating system. Advanced cyberattackers sometimes target UEFI because it runs before a computer’s actual operating system on startup. Preempting the OS allows malware to establish a gnarly degree of persistence — irrespective of reboots, reinstalling the OS, etc. — and helps it get a head start on disabling security programs before they load.