• This dangerous malware can even survive a drive reformatting

    From TechnologyDaily@1337:1/100 to All on Mon Jan 24 12:30:04 2022
    This dangerous malware can even survive a drive reformatting

    Date:
    Mon, 24 Jan 2022 12:21:25 +0000

    Description:
    The only way to remove the MoonBounce malware is to re-flash the SPI flash memory or replace the motherboard.

    FULL STORY ======================================================================

    Cybersecurity researchers from Kaspersky have discovered a rare species of malware that can't be removed by antivirus, or even by the most extreme of measures, such as formatting or replacing the hard drive.

    That is because the malware, dubbed MoonBounce, does not reside on the hard drive at all, but rather in the SPI flash memory found on the motherboard.

    This type of malware is called a bootkit, and as explained by The Record,
    it can only be removed by re-flashing the SPI flash memory, which it describes as a very complex process. The other solution would be to replace the motherboard altogether.

    China strikes again

    MoonBounce is designed as first-stage malware in a multi-stage attack. The malicious actors use it either to keep the door to the compromised device open (persistence that survives a disk wipe) or to deploy second-stage malware, which can then serve as a data
    harvester, code executor, ransomware, etc.

    Kaspersky says that so far there has been only one discovered instance of MoonBounce, on a device belonging to a transportation services company. The researchers also believe that MoonBounce is the work of APT41, a well-known state-sponsored cybercrime group with ties to the
    Chinese authorities.

    The researchers state that both MoonBounce and the second-stage malware, which was also found on the device, were communicating with the same server infrastructure, from which APT41 gave its instructions.

    Kaspersky still doesn't know how MoonBounce ended up on the compromised
    device in the first place.

    As a safety measure against this attack and similar ones, it is recommended
    to update the UEFI firmware regularly and to verify that Intel Boot Guard, where applicable, is enabled. Likewise, enabling the Trusted Platform Module (TPM), where the hardware supports one, is also advisable, the Kaspersky team said. Note that these controls make it harder to write malicious code into the flash; they do not remove an implant that is already there, which still requires re-flashing the SPI memory with a known-good image.
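    A practical check that the advice above implies but the article does not show, added here as an example (it is not code from Kaspersky, The Record or TechRadar): because MoonBounce lives in SPI flash, the way to confirm the firmware is untouched is to dump the flash (with a hardware programmer, or a tool such as flashrom or CHIPSEC) and compare the BIOS region with a known-good image of the same firmware version obtained from the vendor. The script below parses the Intel flash descriptor to locate the BIOS region, hashes it, and reports the flash offsets of any byte runs that differ. The flash image it runs on is constructed inside the code for illustration; `build_sample_image`, `check_bios_region` and the "IMPLANT!" bytes are assumptions of this example, not artefacts of MoonBounce.

```python
"""Diff the BIOS region of an SPI flash dump against a known-good image.

Added example, not from the article. The descriptor layout follows the
Intel Flash Descriptor format (signature at 0x10, FLMAP0 at 0x14, region
registers at FRBA). The sample image below is constructed, not a real dump.
"""
import hashlib
import struct

IFD_SIGNATURE = 0x0FF0A55A
REGION_NAMES = ["descriptor", "bios", "me", "gbe", "pdr"]  # FLREG0..FLREG4


def parse_regions(image: bytes) -> dict:
    """Return {name: (base, limit)} for the regions listed in the flash descriptor."""
    if len(image) < 0x20:
        raise ValueError("image too small to contain a flash descriptor")
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != IFD_SIGNATURE:
        raise ValueError("no Intel flash descriptor signature at offset 0x10")
    (flmap0,) = struct.unpack_from("<I", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4  # Flash Region Base Address, FLMAP0 bits 23:16
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * i)
        # 15-bit base/limit fields on newer PCHs; older parts use 13 bits and
        # the upper bits read as zero, so the wider mask works for both.
        base = (flreg & 0x7FFF) << 12
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
        if base > limit:  # an unused region is encoded with base > limit
            continue
        regions[name] = (base, limit)
    return regions


def diff_runs(a: bytes, b: bytes) -> list:
    """Return [(offset, length)] for every run of bytes where a and b differ."""
    runs, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, min(len(a), len(b)) - start))
    return runs


def check_bios_region(dump: bytes, golden: bytes) -> tuple:
    """Compare the BIOS region of a flash dump with a golden image.

    Returns (sha256 of dump region, sha256 of golden region,
    [(flash_offset, length), ...] of differing runs).
    """
    d_regs, g_regs = parse_regions(dump), parse_regions(golden)
    if d_regs.get("bios") != g_regs.get("bios"):
        raise ValueError("BIOS region layout differs; same board and firmware version?")
    base, limit = d_regs["bios"]
    d, g = dump[base : limit + 1], golden[base : limit + 1]
    runs = [(base + off, n) for off, n in diff_runs(d, g)]
    return hashlib.sha256(d).hexdigest(), hashlib.sha256(g).hexdigest(), runs


def build_sample_image(bios_payload: bytes, size: int = 0x8000) -> bytes:
    """Construct a toy flash image: descriptor at 0x0-0xFFF, BIOS region 0x1000-end.

    Illustration only; a real dump comes from the chip itself.
    """
    img = bytearray(b"\xff" * size)
    struct.pack_into("<I", img, 0x10, IFD_SIGNATURE)
    frba = 0x40
    struct.pack_into("<I", img, 0x14, (frba >> 4) << 16)  # FLMAP0: FRBA field

    def flreg(base: int, limit: int) -> int:
        return ((limit >> 12) << 16) | (base >> 12)

    struct.pack_into("<I", img, frba + 0, flreg(0x0000, 0x0FFF))  # descriptor
    struct.pack_into("<I", img, frba + 4, flreg(0x1000, size - 1))  # bios
    for i in range(2, 5):  # me, gbe, pdr marked unused (base > limit)
        struct.pack_into("<I", img, frba + 4 * i, 0x00007FFF)
    img[0x1000 : 0x1000 + len(bios_payload)] = bios_payload
    return bytes(img)


if __name__ == "__main__":
    golden = build_sample_image(b"CORE_DXE" * 16)
    tampered = bytearray(golden)
    tampered[0x1800:0x1808] = b"IMPLANT!"  # constructed modification, not MoonBounce
    h_dump, h_gold, runs = check_bios_region(bytes(tampered), golden)
    print("dump  ", h_dump)
    print("golden", h_gold)
    for off, n in runs:
        print(f"BIOS region differs at flash offset 0x{off:X} ({n} bytes)")
```

    Replace the constructed images with the real dump and the vendor image for the exact firmware version installed; any differing run is worth pulling apart in a UEFI image parser. A clean diff only proves that the dump matches the reference, so the reference must come from the vendor rather than from the suspect machine, and a legitimate firmware update changes the region too, which is why the version must match.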

    MoonBounce is a UEFI (Unified Extensible Firmware Interface) bootkit, and the third one Kaspersky has found in recent times, after LoJax and MosaicRegressor.
    In recent months, researchers have found multiple other UEFI bootkits, The Record reminds, including ESPecter and FinSpy's UEFI bootkit.

    Via: The Record



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-dangerous-malware-can-even-survive-a-drive-reformatting/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)