
Malware found in UEFI BIOS that is impossible to delete

To verify and boot the different components connected to it, a motherboard needs a BIOS. Current motherboards use a UEFI BIOS, a more modern firmware with a graphical interface and more features. Its role is fundamental: without it the computer cannot start. Well, it seems that someone is managing to infect the UEFI BIOS with malware, and it is not known who or how.

The ones sounding the alarm are the security company Kaspersky. The company has detected malware in the UEFI BIOS of several customer computers. The strange thing is that this malware manages to infect the UEFI BIOS, modifying it and resisting attempts to remove the malicious code. In addition, it manages to replicate itself to other computers on the network, since current systems cannot eliminate it.


Kaspersky finds malware in UEFI BIOS that cannot be removed

The big problem is that the malware is embedded in the system's UEFI BIOS, the firmware responsible for managing the computer. The malware therefore cannot be removed by restoring or formatting the hard drive, because it lives in the BIOS chip. And if the BIOS contents were erased, we would have a real mess, since the system would no longer be able to boot.

According to Kaspersky researchers, the UEFI BIOS malware loads a second layer of malware onto the hard drive, infecting the system. No matter how many times the hard drive is formatted, the problem persists, since the base malware is in the BIOS and cannot be removed. Whatever you do, the malware will keep reinfecting your system.
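The persistence described above (first stage in the flash chip, second stage dropped onto the disk) is why disk-level cleanup fails and why defenders instead compare the firmware itself against a known-good copy. The script below is an added illustration of that check, not code from the article or from Kaspersky: it walks the firmware volumes in a raw flash dump, inventories every firmware file by GUID and body hash, and diffs that inventory against a baseline taken from the vendor's own image. It assumes the dump is a raw SPI flash or firmware-volume image (obtained from the vendor's update package or with an external programmer); the firmware volume, file GUIDs and file bodies used for the demo are constructed stand-ins built inline so the script runs offline. The FFS2 file-system GUID and the header layouts are the public UEFI PI specification values.

```python
"""Firmware-volume inventory and baseline diff (added illustrative example)."""
import hashlib
import struct
import uuid

FV_SIGNATURE = b"_FVH"          # EFI_FIRMWARE_VOLUME_HEADER.Signature
FFS_HEADER_SIZE = 24            # sizeof(EFI_FFS_FILE_HEADER)
FFS_ATTRIB_LARGE_FILE = 0x01    # header carries a 64-bit ExtendedSize field
EFI_FV_FILETYPE_FFS_PAD = 0xF0  # padding files carry no code
EFI_FV_FILETYPE_DXE_CORE = 0x05
EFI_FV_FILETYPE_DRIVER = 0x07
FFS2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID


def find_firmware_volumes(image: bytes):
    """Yield (start, length, header_length) for each firmware volume in a dump.
    Header = ZeroVector[16], FileSystemGuid[16], FvLength(u64), so '_FVH' is at +40."""
    pos = image.find(FV_SIGNATURE)
    while pos != -1:
        start = pos - 40
        if start >= 0 and start + 56 <= len(image):
            fv_len = struct.unpack_from("<Q", image, start + 32)[0]
            hdr_len = struct.unpack_from("<H", image, start + 48)[0]
            if 56 <= hdr_len <= fv_len <= len(image) - start:
                yield start, fv_len, hdr_len
        pos = image.find(FV_SIGNATURE, pos + 1)


def iter_ffs_files(image: bytes, fv_start: int, fv_len: int, hdr_len: int):
    """Walk the FFS files of one volume, yielding (guid, type, sha256 of body)."""
    pos, end = fv_start + hdr_len, fv_start + fv_len
    while pos + FFS_HEADER_SIZE <= end:
        hdr = image[pos:pos + FFS_HEADER_SIZE]
        if hdr == b"\xff" * FFS_HEADER_SIZE:
            break                                   # erased flash: no more files
        name = uuid.UUID(bytes_le=hdr[:16])
        ftype, attrs = hdr[18], hdr[19]
        size, hdr_size = int.from_bytes(hdr[20:23], "little"), FFS_HEADER_SIZE
        if attrs & FFS_ATTRIB_LARGE_FILE and pos + 32 <= end:
            size, hdr_size = struct.unpack_from("<Q", image, pos + 24)[0], 32
        if size < hdr_size or pos + size > end:
            break                                   # corrupt header: stop, never overread
        if ftype != EFI_FV_FILETYPE_FFS_PAD:
            body = image[pos + hdr_size:pos + size]
            yield name, ftype, hashlib.sha256(body).hexdigest()
        pos += size
        pos = fv_start + ((pos - fv_start + 7) & ~7)  # files are 8-byte aligned in the volume


def inventory(image: bytes) -> dict:
    """Map every firmware file GUID in the image to the SHA-256 of its body."""
    found = {}
    for fv in find_firmware_volumes(image):
        for name, _ftype, digest in iter_ffs_files(image, *fv):
            found[str(name)] = digest
    return found


def diff_against_baseline(image: bytes, baseline: dict):
    """Return sorted GUID lists: unexpected (not in baseline), modified, missing."""
    seen = inventory(image)
    unexpected = sorted(g for g in seen if g not in baseline)
    modified = sorted(g for g in seen if g in baseline and seen[g] != baseline[g])
    missing = sorted(g for g in baseline if g not in seen)
    return unexpected, modified, missing


# --- constructed sample data so the script runs offline ---------------------
def build_ffs_file(guid: str, ftype: int, body: bytes) -> bytes:
    """Serialise a minimal EFI_FFS_FILE_HEADER (checksum/state not validated here)."""
    size = FFS_HEADER_SIZE + len(body)
    return (uuid.UUID(guid).bytes_le + struct.pack("<HBB", 0, ftype, 0)
            + size.to_bytes(3, "little") + b"\xf8" + body)


def build_firmware_volume(files, total_len: int = 4096) -> bytes:
    """Wrap FFS files in an FFS2 firmware volume with a one-entry block map."""
    hdr_len = 72                                   # 56-byte header + 2 block-map entries
    body = b"".join(f + b"\xff" * (-len(f) % 8) for f in files)
    free = total_len - hdr_len - len(body)
    if free < 0:
        raise ValueError("files do not fit in the volume")
    header = (b"\x00" * 16 + FFS2_GUID.bytes_le + struct.pack("<Q", total_len)
              + FV_SIGNATURE + struct.pack("<IHHHBB", 0, hdr_len, 0, 0, 0, 2)
              + struct.pack("<IIII", 1, total_len, 0, 0))
    return header + body + b"\xff" * free


GOLDEN = [  # (GUID, file type, body): constructed stand-ins, not real drivers
    ("2a7e3f51-0c44-4b9b-8d6f-000000000001", EFI_FV_FILETYPE_DXE_CORE, b"vendor DXE core"),
    ("2a7e3f51-0c44-4b9b-8d6f-000000000002", EFI_FV_FILETYPE_DRIVER, b"vendor network driver"),
]
PATCHED_DRIVER = (GOLDEN[1][0], EFI_FV_FILETYPE_DRIVER, b"vendor network driver+hook")
EXTRA_DRIVER = ("2a7e3f51-0c44-4b9b-8d6f-0000000000ff", EFI_FV_FILETYPE_DRIVER, b"not in vendor image")


def demo():
    golden_image = build_firmware_volume([build_ffs_file(*f) for f in GOLDEN])
    baseline = inventory(golden_image)             # captured from the trusted vendor image
    suspect_image = build_firmware_volume([build_ffs_file(*GOLDEN[0]),
                                           build_ffs_file(*PATCHED_DRIVER),
                                           build_ffs_file(*EXTRA_DRIVER)])
    return diff_against_baseline(suspect_image, baseline)


if __name__ == "__main__":
    unexpected, modified, missing = demo()
    print("unexpected:", unexpected)
    print("modified:  ", modified)
    print("missing:   ", missing)
```

Two caveats matter in practice. The baseline must come from a trusted source (the vendor's published firmware image), never from a machine that may already be infected, or the implant simply becomes part of "normal". And a dump read through the operating system relies on the very firmware under suspicion; a dump taken with an external SPI programmer is the only one that a compromised BIOS cannot influence.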

There is no certainty, but it seems that the VectorEDK tool created by Hacking Team has been used to achieve this. This tool modifies the UEFI BIOS and injects code, such as malware. Note that Hacking Team was dismantled in 2015 when someone leaked its internal emails, the source code of its malware tools, and more. It seems that with part of the VectorEDK source code they have managed to inject malware into the UEFI.


A problem with no solution and no one to hold responsible

Kaspersky is currently working on finding out the identity of the creators of this dangerous malware that infects UEFI BIOSes. The first hypotheses point to a team of Chinese crackers. This hypothesis is based on the fact that the malware was found on two computers belonging to diplomats based in Asia. It has also been detected that parts of the code contain references in South Korean and Simplified Chinese. In addition, the attackers are believed to have used Royal Road, a document creation tool widely used by Chinese crackers.

The only time anything similar had been detected was in 2018 with the LoJax malware, which does something similar to this malware. Since this is the second time this has happened, more attention should be paid to the UEFI BIOS. It is possible that new security measures will be implemented for it.

Note that the UEFI BIOS is usually quite isolated and accessing it is genuinely difficult. Malware that can be loaded there and runs constantly, reinfecting the system, is quite dangerous. Furthermore, it is practically undetectable and impossible to erase without damaging the equipment.


Source: Kaspersky


Robert Sole

Director of Contents and Writing of this same website, technician in renewable energy generation systems and low voltage electrical technician. I work in front of a PC, in my free time I am in front of a PC and when I leave the house I am glued to the screen of my smartphone. Every morning when I wake up I walk across the Stargate to make some coffee and start watching YouTube videos. I once saw a dragon ... or was it a Dragonite?
