China virus - of the UEFI flavour - :O
Another China virus ("read my lips: Chai-nah vai-russ"), this time going all the way down to the mobo's UEFI: Kaspersky Finds Sophisticated UEFI Malware in the Wild https://www.extremetech.com/computing/315860-kaspersky-finds-sophisticated-u... ... MosaicRegressor .. The infection was discovered on just two computers, both belonging to diplomatic officials in Asia. The full exploit chain is long and varied, allowing the attackers to load multiple modules to control the target system and steal data. However, it all starts with the UEFI loader. On each boot, MosaicRegressor checks to see if its malicious “IntelUpdate.exe” file is in the Windows startup folder. If not, it adds the file. ...
BTW there is a new UEFI and human behavior vulnerability discovered. To state the obvious, there are even more undiscovered ones, and many are using them. To state the unobvious, nobody is discussing what to do about that anymore, which means we're all hacked, and we don't know by whom. Whee! On Tue, Oct 6, 2020, 7:47 AM Zenaan Harkness <zen@freedbms.net> wrote:
Another China virus ("read my lips: Chai-nah vai-russ"), this time going all the way down to the mobo's UEFI:
Kaspersky Finds Sophisticated UEFI Malware in the Wild
https://www.extremetech.com/computing/315860-kaspersky-finds-sophisticated-u...
... MosaicRegressor .. The infection was discovered on just two computers, both belonging to diplomatic officials in Asia. The full exploit chain is long and varied, allowing the attackers to load multiple modules to control the target system and steal data. However, it all starts with the UEFI loader. On each boot, MosaicRegressor checks to see if its malicious “IntelUpdate.exe” file is in the Windows startup folder. If not, it adds the file. ...
participants (2)
-
Karl
-
Zenaan Harkness