Custom-Made UEFI Bootkit Found Lurking in the Wild
upstart writes in with an IRC submission for nutherguy:
Custom-made UEFI bootkit found lurking in the wild:
For only the second time in the annals of cybersecurity, researchers have found real-world malware lurking in the UEFI, the low-level and highly opaque firmware required to boot up nearly every modern computer.
As software that bridges a PC's device firmware with its operating system, the UEFI, short for Unified Extensible Firmware Interface, is an operating system in its own right. It's located in a SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. And it's the first thing to be run when a computer is turned on, allowing it to influence or even control the OS, security apps, and all other software that follows.
Those characteristics make the UEFI the perfect place to stash malware, and that's just what an unknown attack group has done, according to new research presented on Monday by security firm Kaspersky Lab.
Last year, after the Moscow-based company integrated a new firmware scanner in its antivirus products, researchers recovered a suspicious UEFI image from one of its users. After further research, Kaspersky Lab discovered that a separate user had been infected by the same UEFI image in 2018. Both infected users were diplomatic figures located in Asia.
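As an added illustration, not part of the Ars Technica article or of Kaspersky's research, the Python script below shows the first step a firmware scanner performs on a raw SPI flash dump: locating UEFI firmware volumes by the `_FVH` signature and validating the volume header's 16-bit checksum before trusting the lengths it describes. The header layout follows the `EFI_FIRMWARE_VOLUME_HEADER` structure of the UEFI Platform Initialization specification; the 8 KiB "dump" is constructed inline (erased flash, one valid volume, and a decoy signature string) and the attribute flags written into the constructed header are an arbitrary placeholder.

```python
import struct
import uuid

FV_SIGNATURE = b"_FVH"
# EFI_FIRMWARE_VOLUME_HEADER up to (not including) the variable-length block map:
# ZeroVector[16], FileSystemGuid[16], FvLength, Signature, Attributes,
# HeaderLength, Checksum, ExtHeaderOffset, Reserved, Revision
_FV_HEADER_FMT = "<16s16sQ4sIHHHBB"
_FV_HEADER_SIZE = struct.calcsize(_FV_HEADER_FMT)   # 56 bytes
_SIGNATURE_OFFSET = 40                              # 16 + 16 + 8 bytes precede "_FVH"
FFS2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID


def header_checksum16(data):
    """FV header checksum: the 16-bit little-endian word sum over HeaderLength bytes must be 0."""
    if len(data) % 2:
        raise ValueError("header length must be even")
    return sum(struct.unpack("<%dH" % (len(data) // 2), data)) & 0xFFFF


def parse_fv_header(image, offset):
    """Parse and validate a firmware volume header at `offset`; return a dict or None if invalid."""
    if offset + _FV_HEADER_SIZE > len(image):
        return None
    (_zero, fs_guid, fv_length, sig, attrs, hdr_len,
     _checksum, ext_off, _reserved, rev) = struct.unpack_from(_FV_HEADER_FMT, image, offset)
    if sig != FV_SIGNATURE or hdr_len < _FV_HEADER_SIZE or offset + hdr_len > len(image):
        return None
    if fv_length < hdr_len or offset + fv_length > len(image):
        return None
    # Reject headers whose checksum does not verify (random bytes around a decoy "_FVH" fail here).
    if header_checksum16(image[offset:offset + hdr_len]) != 0:
        return None
    return {
        "offset": offset,
        "length": fv_length,
        "filesystem_guid": str(uuid.UUID(bytes_le=fs_guid)),
        "revision": rev,
        "attributes": attrs,
        "ext_header_offset": ext_off,
    }


def scan_for_firmware_volumes(image):
    """Locate every firmware volume in a raw flash dump by its '_FVH' signature."""
    found = []
    pos = image.find(FV_SIGNATURE)
    while pos != -1:
        start = pos - _SIGNATURE_OFFSET
        if start >= 0:
            fv = parse_fv_header(image, start)
            if fv:
                found.append(fv)
        pos = image.find(FV_SIGNATURE, pos + 1)
    return found


def build_fv_header(fv_length, fs_guid=FFS2_GUID, block_size=0x1000):
    """Build a valid firmware volume header (one block-map entry + terminator, correct checksum)."""
    block_map = struct.pack("<IIII", fv_length // block_size, block_size, 0, 0)
    hdr_len = _FV_HEADER_SIZE + len(block_map)

    def pack(checksum):
        # Attributes value 0 is a placeholder; it is not used for locating the volume.
        return struct.pack(_FV_HEADER_FMT, b"\x00" * 16, fs_guid.bytes_le, fv_length,
                           FV_SIGNATURE, 0, hdr_len, checksum, 0, 0, 2) + block_map

    checksum = (-header_checksum16(pack(0))) & 0xFFFF
    return pack(checksum)


def constructed_dump():
    """Constructed 8 KiB 'SPI dump': erased flash (0xFF), a decoy '_FVH' at 0x200, one real FV at 0x1000."""
    img = bytearray(b"\xFF" * 0x2000)
    img[0x200:0x204] = FV_SIGNATURE          # decoy: no valid header around it
    fv = build_fv_header(0x1000)
    img[0x1000:0x1000 + len(fv)] = fv
    return bytes(img)


if __name__ == "__main__":
    for fv in scan_for_firmware_volumes(constructed_dump()):
        print("FV at 0x%06x, %d bytes, fs=%s, rev=%d"
              % (fv["offset"], fv["length"], fv["filesystem_guid"], fv["revision"]))
```

On a real dump (for example one read from the SPI chip with a programmer, or from the platform with chipsec's `spi dump`), the same scan gives you the list of volumes to hand to a firmware-file-system parser; the checksum check matters because flash images are full of byte sequences that happen to look like signatures, and a volume whose header does not verify is either corrupt or not a volume at all.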
Read more of this story at SoylentNews.