Researchers at cybersecurity firm Kaspersky have found a new type of malware that lives in the motherboard's UEFI firmware. It is a rootkit, and because it sits in the board's flash chip rather than on disk, it is still present even after the host's hard drive or SSD is wiped or replaced.
The Kaspersky researchers (via Bleeping Computer) named it CosmicStrand. It is reported to be an evolution of an earlier piece of malware known as Spy Shadow Trojan, which dates back to at least 2016. The researchers found CosmicStrand in the firmware of Asus and Gigabyte motherboards. Don't panic, though. I'll explain.
The infected systems ran motherboards based on the H81 chipset, which is several years old. An attacker would also need physical access to the machine, or would need to deploy separate malware with enough privilege to reflash or patch the firmware, in order to inject CosmicStrand. So if you're reading this, don't assume that Asus or Gigabyte systems have been insecure all these years, or that your system is compromised. Until there is further research, it may be that CosmicStrand can only take advantage of a possible vulnerability specific to H81 UEFI firmware.
The malware sets up a chain of hooks that carry it from the firmware into the Windows boot process and eventually into the kernel, where the infected OS is made to retrieve a payload that runs on the victim's machine. The Kaspersky researchers were not able to retrieve the payload itself, but they believe the malware shares code patterns with a Chinese-speaking group responsible for the MyKings crypto-mining botnet. And that's usually what it's about: scumbags trying to steal or generate money.
UEFI, the Unified Extensible Firmware Interface, is almost like a mini OS. It is the interface between the hardware and the software of the system, which means it runs before the OS and can influence the OS and every piece of software that loads after it. UEFI firmware is usually secure, and writing an implant for it requires specialised knowledge of the platform. There are very few known UEFI threats.
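Because an implant like this lives in the SPI flash, the practical check is to dump the flash and compare it, firmware file by firmware file, against the vendor's known-good image. The script below is an added example written for this article; it is not Kaspersky's tooling and not code from the motherboard vendors. It parses a single uncompressed UEFI firmware volume (FV header plus FFS file headers, laid out as in the UEFI PI specification), hashes each file body, and reports files that were added, removed or modified. The two GUIDs and the "driver images" are constructed demo data, and the volumes are built in-code so the example runs offline. Kaspersky's report attributes the implant to a modified DXE driver, which is exactly the kind of change this comparison surfaces.

```python
import hashlib
import struct
import uuid

# Layout constants from the UEFI PI spec (firmware volume and FFS headers).
FV_SIGNATURE = b"_FVH"
FFS_HEADER_LEN = 24
FV_FILETYPE_PAD = 0xF0
FV_FILETYPE_NAMES = {0x02: "FREEFORM", 0x03: "SEC", 0x06: "PEIM", 0x07: "DXE_DRIVER"}
EFI_FIRMWARE_FILE_SYSTEM2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")

# Hypothetical file GUIDs for the demo; real firmware uses vendor-assigned ones.
DEMO_DRIVER_A = uuid.UUID("11111111-2222-3333-4444-555555555555")
DEMO_DRIVER_B = uuid.UUID("66666666-7777-8888-9999-aaaaaaaaaaaa")


def parse_firmware_volume(image: bytes) -> dict:
    """Enumerate FFS files in one firmware volume.

    Returns {guid: (type_name, sha256_of_file_body)}. Header checksums and
    nested/compressed sections are not handled; use UEFITool or chipsec for that.
    """
    if image[40:44] != FV_SIGNATURE:
        raise ValueError("not a UEFI firmware volume (missing _FVH signature)")
    fv_length = struct.unpack_from("<Q", image, 32)[0]
    header_len = struct.unpack_from("<H", image, 48)[0]
    files, off = {}, header_len
    while off + FFS_HEADER_LEN <= fv_length:
        hdr = image[off:off + FFS_HEADER_LEN]
        if hdr == b"\xff" * FFS_HEADER_LEN:        # erased flash: no more files
            break
        name = uuid.UUID(bytes_le=hdr[0:16])        # EFI_GUID is mixed-endian
        ftype = hdr[18]
        size = int.from_bytes(hdr[20:23], "little")  # 24-bit size incl. header
        if size < FFS_HEADER_LEN:
            raise ValueError(f"corrupt FFS header at offset {off:#x}")
        body = image[off + FFS_HEADER_LEN:off + size]
        if ftype != FV_FILETYPE_PAD:
            type_name = FV_FILETYPE_NAMES.get(ftype, f"0x{ftype:02x}")
            files[str(name)] = (type_name, hashlib.sha256(body).hexdigest())
        off += (size + 7) & ~7                      # FFS files are 8-byte aligned
    return files


def diff_firmware(baseline: bytes, dump: bytes) -> list:
    """Compare a dumped SPI image with a known-good vendor image, file by file."""
    base, cur = parse_firmware_volume(baseline), parse_firmware_volume(dump)
    findings = []
    for guid in sorted(set(base) | set(cur)):
        if guid not in base:
            findings.append((guid, cur[guid][0], "ADDED"))
        elif guid not in cur:
            findings.append((guid, base[guid][0], "REMOVED"))
        elif base[guid][1] != cur[guid][1]:
            findings.append((guid, cur[guid][0], "MODIFIED"))
    return findings


def build_test_volume(entries) -> bytes:
    """Build a minimal FFS2 volume for the demo (constructed, not a real dump)."""
    body = b""
    for guid, ftype, payload in entries:
        size = FFS_HEADER_LEN + len(payload)
        hdr = (guid.bytes_le + b"\x00\x00" + bytes([ftype, 0x00])
               + size.to_bytes(3, "little") + b"\xf8")
        body += hdr + payload + b"\xff" * ((-size) % 8)
    body += b"\xff" * 64                            # trailing free space
    header_len = 72
    fv_length = header_len + len(body)
    header = (b"\x00" * 16 + EFI_FIRMWARE_FILE_SYSTEM2_GUID.bytes_le
              + struct.pack("<Q4sIHHHBB", fv_length, FV_SIGNATURE, 0x0004FEFF,
                            header_len, 0, 0, 0, 2)
              + struct.pack("<II", 1, fv_length) + struct.pack("<II", 0, 0))
    return header + body


def demo() -> list:
    """Golden image vs. a dump where one DXE driver body has been patched."""
    genuine_a, genuine_b = b"genuine DXE driver image A", b"genuine DXE driver image B"
    baseline = build_test_volume([(DEMO_DRIVER_A, 0x07, genuine_a),
                                  (DEMO_DRIVER_B, 0x07, genuine_b)])
    tampered = build_test_volume([(DEMO_DRIVER_A, 0x07, genuine_a),
                                  (DEMO_DRIVER_B, 0x07, genuine_b + b" with hook")])
    return diff_firmware(baseline, tampered)


if __name__ == "__main__":
    for guid, ftype, status in demo():
        print(f"{status:8} {ftype:10} {guid}")
```

On a real machine you would obtain `dump` with the SPI-dump commands of chipsec (`chipsec_util spi dump rom.bin`) or flashrom (`flashrom -p internal -r rom.bin`) and `baseline` from the vendor's firmware download. Vendor packages are usually capsule files containing several volumes, compressed sections and nested volumes, which this minimal parser does not descend into; UEFITool extracts the individual volumes so they can be compared the same way. A modified or unexpected DXE driver in the comparison is the signal to investigate, while the SHA-256 of the whole dump is what you would compare against any published indicators.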
Kaspersky's report states that "the multiple rootkits discovered so far evidence a blind spot in our industry that needs to be addressed sooner rather than later."
So, while the threat is limited, it shines a spotlight on the need for the industry to pay close attention to possible firmware vulnerabilities. The lure of a million infected machines covertly mining a crypto coin is a big dangling carrot for a malicious actor.