 |  |  |  |  |
Bootkit infects UEFI firmware
| |||||||||
|
Bootkit infects UEFI firmware
| | |||||||
 |
 |
| | Thread Tools |
26th January 2022, 11:29
| #1 |
| [M] Reviewer  Join Date: May 2010 Location: Romania
Posts: 153,575
 |  Bootkit infects UEFI firmware MoonBounce Finds SPI flaws on the motherboard Security researchers from Kaspersky said they have discovered a novel bootkit that can infect a computer's UEFI firmware. Dubbed MoonBounce the bootkit doesn't burrow and hide inside a section of the hard drive named ESP (EFI System Partition), where some UEFI code typically resides, but instead it infects the SPI flaws memory that is found on the motherboard. This means that, unlike similar bootkits, defenders can't reinstall the operating system and replace the hard drive, as the bootkit will continue to remain on the infected device until the SPI memory is re-flashed or the motherboard is replaced. According to Kaspersky, MoonBounce marks the third UEFI bootkit they have seen so far that can infect and live inside the SPI memory, following previous cases such as LoJax and MosaicRegressor. MoonBounce's discovery comes after researchers have also found additional UEFI bootkits in recent months, such as ESPectre, FinSpy's UEFI bootkit, and others, which has led the Kaspersky team to conclude that what was once considered unachievable following the rollout of the UEFI standard has gradually become the norm. https://fudzilla.com/news/54262-boot...-uefi-firmware |
|  |
|
| Thread Tools | |
| |
