Tech

This extremely dangerous malware can survive one disk formatting

Kapersky computer security researchers have discovered a rather rare species of malware. Indeed, this malware cannot be eliminated by an antivirus, and is invulnerable to the most extreme measures such as formatting or replacing your hard drive. To be so resistant, the malware has a little secret.

Credits: Pixabay

Even if DDoS attacks remain the prerogative of hackers with an ever-increasing number of cyberattacks, the devastating potential of malware should not be underestimated. Indeed, malware wants to be more and more elaborate, more and more complex, and by extension more and more difficult to eliminate.

In our columns, we mentioned this Tuesday, January 25, 2022 the case of this Android malware capable of performing a return to factory settings and recovering your banking information. However, Kapersky computer security researchers have unfortunately discovered the existence of another disturbing piece of malware. And this in more ways than one.

His name is MoonBounce, and even though he’s only been spotted once so far, he could pose a major threat if the company’s experts are to be believed. It must be said that MoonBounce is not like other malware. An antivirus can’t do anything against it., while more extreme measures like formatting your hard drive won’t have much effect.

Read also: This malware, undetectable by antivirus, hides in an unsuspected place on the SSD

Malware injected into the Windows kernel

To go into detail, MoonBounce is a UEFI rootkit (for Unified Extensible Interface). You can think of UEFI as the modern name for BIOS. The firmware is stored there on a memory chip called Flash SPI, directly soldered on your motherboard. This firmware contains precisely the code necessary to initialize all the hardware components of your PC and configure them before the bootloader triggers the main operating system and its kernel.

Now that you know this, imagine if a hacker manages to place malware in that same SPI Flash memory chip. In this case, this malware could act on a particularly early phase of the configuration of your machine. This is moreover the stated objective of MoonBounce: to inject a malicious driver into the Windows kernel during the start-up phases and benefit the passage of a worrying level of resistance and discretion.

motherboard illustration
Credits: Unsplash

For good reason, no antivirus or intrusion detection software can verify what is happening in the memory chip. According to Kapersky researchers, this malware was used by hacker group ATP41, a collective suspected of being funded and having close ties to the Chinese government. So far, MoonBounce has been spotted in a device belonging to a transportation company.

To protect against this attack and others like it, it is recommended that you regularly update the UEFI firmware and check, if necessary, that Bootguard is enabled. Likewise, the activation of the Trust Platform Modules, in case a corresponding hardware is supported on the machine, is also advised”, advise Kapersky researchers.

Source: TechRadar

Related Articles

Leave a Reply

Your email address will not be published.