Friday, October 30

Malware discovered hidden in a computer's UEFI, an unusual type of attack that is very difficult to eliminate

The security company Kaspersky has found several computers carrying new malware that colonizes the UEFI in order to hide from antivirus software and reinfect the computer again and again. In the world of cybersecurity there are thousands of attacks every day, but this type is a rarity: the number of times someone has managed to attack a computer's UEFI can be counted on the fingers of one hand.

The UEFI is one of the elements without which the computer cannot function. PCs need an internal system whose code contains the instructions necessary to boot securely and get the machine ready for use. This is UEFI, the deepest foundation of the operating system, without which we could not even power up the device.

Researchers from the cybersecurity company Kaspersky claim in a report that they found this malware installed in the UEFI on several of their clients' computers. Infecting this part of the software is really difficult, but once it is achieved, cleaning the computer to remove the virus is a nightmare. From the UEFI, the malware takes refuge from any antivirus. From there, it is designed to launch a second virus that infects the rest of the computer, such as the hard drive. We can reset the computer as many times as necessary, but we will only ever clean the hard drive: the virus is still there when we start the computer and can attack the entire system again. We are talking about computers, but smartphones and other electronic devices work the same way and could be affected in the same way by this attack.

The malware in question, according to information collected by Kaspersky, was built from a tool capable of modifying the UEFI that was created by Hacking Team years ago, named VectorEDK. This group of hackers ended its activity in 2015, when its internal emails and the code of its tools were made public. With that code, the attackers could have built this new virus. Kaspersky still has no evidence of the authorship of this new malware.

Researchers only venture to point at a new group of hackers of Asian origin. The suspicion rests on the fact that the victims are mostly from this region and that some of the malware code is written in Chinese or Korean. Furthermore, the attackers may have used Royal Road, a document creation tool widely used among criminals in Asia. As far as is known, this is the second time that researchers at a company have come across something similar: in 2018, ESET warned of the presence of a new virus that acted in a similar way, taking refuge in the UEFI and infecting the entire computer over and over again. This new alarm is a wake-up call for the cybersecurity sector, which will need to start building malware detection and removal tools for the UEFI.
