China virus - of the UEFI flavour - :O
zen at freedbms.net
Tue Oct 6 04:47:17 PDT 2020
Another China virus ("read my lips: Chai-nah vai-russ"), this time going all the way down to the mobo's UEFI:
Kaspersky Finds Sophisticated UEFI Malware in the Wild
... MosaicRegressor .. The infection was discovered on just two
computers, both belonging to diplomatic officials in Asia. The full
exploit chain is long and varied, allowing the attackers to load multiple
modules to control the target system and steal data. However, it all
starts with the UEFI loader. On each boot, MosaicRegressor checks to see
if its malicious “IntelUpdate.exe” file is in the Windows startup folder.
If not, it adds the file.
More information about the cypherpunks