Talking about viruses has seemed like the daily refrain for a few years, but if these viruses are related to our computers, things change a bit. We have a multitude of constant dangers that seek to infect our PC, and according to a new report from Kaspersky through its blog, they have detected a new virus from a Chinese group that would be installed in our BIOS, making it very difficult to eliminate. MoonBounce, this is the name of the new threat that puts our motherboards in check.
Kaspersky warns of an increase in malware type firmware for 4 years to date, the increase in this type of virus that is housed in the firmware UEFI (Unified Extensible Firmware Interface). These viruses in question attack directly by implementing the malicious code by the SPI-BUS (Serial Peripheral Interface) which is responsible for the transfer of data between the integrated circuits in the equipment.
MoonBounce: malware that is difficult to remove
The new malware called MoonBouce Contrary to other more common viruses that are installed on the hard drive of computers, infecting the drive and files found there, this one becomes strong in the bios chip, more specifically in the SPI memory of our motherboard. This means that even after detecting the virus, formatting and deleting our hard drive/files does not take effect, leaving the virus in question to continue to endure over time, being immune to practically everything.
According to the antivirus company’s own statements Kaspersky via his SecureList blog:
“…The source of the infection starts with a set of hooks that intercept the execution of various functions on the UEFI boot services…»
“…sets additional hooks on later components of the boot chain, namely the Windows loader…”
These post hooks are used to perform function call forwarding to the malicious shellcode, which they added to CORE_DXE, as detailed by the antivirus company’s researchers on their blog.
Origin and recent infections of MoonBounce
For now, don’t panic. Although this type of malware is not new to be installed in the EUFI, it is true that it is more sophisticated than the previous ones.
This new malware, according to information, seems to come from a group called APT41. Much of the research work by the company when detecting a new virus of this type, is to try to create a traceability of it, we are going to follow the trail to where it came from and according to the researchers, everything points to the group called APT41 that is closely linked to the Chinese government.
So far, this new virus has only been detected on a specific computer of a company of an organization that controls several companies that deal with technology transport.
In the absence of knowing more details, there is no need to create an alarm and we remember that both for this type of malware and for more common viruses, it is important to always have our equipment updated, including the BIOS of our PC to avoid being the target of this type of malware. attacks, without our knowledge.
