1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Your motherboard could be infected with some seriously sneaky mal

    From TechnologyDaily@1337:1/100 to All on Tue Jul 26 15:45:04 2022
    Your motherboard could be infected with some seriously sneaky malware

    Date:
    Tue, 26 Jul 2022 14:24:18 +0000

    Description:
    New UEFI malware discovered on motherboards discontinued seven years ago.

    FULL STORY ======================================================================

    Cybersecurity researchers from Qihoo360 and Kaspersky have warned some older motherboards could be infected with uniquely sneaky malware .

    Motherboard malware, persistent threats usually known as UEFI rootkits, are particularly difficult to remove, as even wiping the hard drive doesnt eliminate the threat.

    This instance, which Qihoo360 dubbed Spy Shadow Trojan, and Kaspersky named CosmicStrand, was found on machines with ASUS and Gigabyte motherboards.
    These were mostly discontinued hardware, produced between 2013 and 2015, with Kaspersky noting UEFI firmware rootkit can persist on devices for as long as they are operational. Difficult compromise to pull off

    Explaining the findings via Twitter, former Kaspersky reverse engineer Mark Lechtik said the compromised firmware images came with a modified CSMCORE DXE driver, which enables a legacy boot process, BleepingComputer reported.

    This driver was modified so as to intercept the boot sequence and introduce malicious logic to it, Lechtik said.

    What the researchers dont know yet is how the malware made it onto the devices, as compromising the endpoints with UEFI malware involves either having physical access to the devices or having precursor malware that would be able to automatically patch the firmware image. Read more

    This bootkit has been used to backdoor Windows devices for almost a decade


    Intel, Lenovo and more hit by major BIOS security flaws


    These are the best antivirus solutions around

    In Qihoo360s case, a victim said they had bought an already compromised, used motherboard, from the Internet. Among the victims that Kaspersky analyzed
    were private individuals in China, Iran, Vietnam, and Russia, that had almost nothing in common.

    It is hard to determine who the threat actor is, although Kaspersky believes the same group is behind the MyKings cryptomining botnet.

    Although more difficult to pull off, UEFI malware is becoming more common. In October last year, for example, cybersecurity researchers from ESET
    discovered such malware and dubbed it ESPecter. Back then, the researchers claimed this threat was active since at least 2012 and was used mostly for espionage, as it was capable of keylogging and stealing documents. Here's our take for the best firewalls around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/your-motherboard-could-be-infected-with-some-se riously-sneaky-malware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)