The Unified Extensible Firmware Interface (UEFI) is the firmware that lives on your computer’s motherboard. It is the first code to run when you boot the system, and that early position gives it access to almost every part of the operating system that loads after it. It also persists across reboots, disk formats, and even the replacement of other system components. Because the UEFI code resides on a flash memory chip soldered to the board, it is very hard to inspect for malware and even harder to purge.

So, if you want to own a system and reduce the likelihood of getting caught, UEFI malware is the way to go. The problem is that it’s very difficult to get malicious code into UEFI firmware in the first place. Still, Kaspersky integrated a dedicated firmware scanner into its antivirus products in 2019. Now, the firm says it has detected the second known instance of UEFI malware, which it calls MosaicRegressor.

The infection was discovered on just two computers, both belonging to diplomatic officials in Asia. The full exploit chain is long and varied, allowing the attackers to load multiple modules to control the target system and steal data. However, it all starts with the UEFI loader. On each boot, MosaicRegressor checks whether its malicious “IntelUpdate.exe” file is present in the Windows startup folder; if it is not, the firmware component writes the file there again. This dropper is the gateway to everything else MosaicRegressor can do. We don’t even know the full extent of the operation’s capabilities, as Kaspersky was only able to capture a handful of the malware modules. The team has confirmed that MosaicRegressor can exfiltrate documents from infected systems, though.
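The persistence pattern described above, a Startup-folder file that is re-created by firmware on every boot, can be checked for by comparing Startup-folder snapshots across boots. The script below is an added illustration, not code from the article or from Kaspersky; it assumes the standard per-user and all-users Startup folder paths, and the snapshot data at the bottom is constructed (the hashes are placeholders, not real indicators).

```python
"""Audit Windows Startup folders for a file that comes back after removal.

A file that is absent in one boot snapshot and present again in a later one
is a stronger signal than a single unknown entry: that is what a boot-time
firmware dropper like the one described for MosaicRegressor produces.
"""
import hashlib
from pathlib import Path

# Assumed default Startup folder locations (per-user and all-users).
STARTUP_DIRS = [
    Path.home() / "AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup",
    Path("C:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp"),
]


def snapshot(dirs=STARTUP_DIRS):
    """Return {lowercased filename: sha256} for files in the Startup folders."""
    result = {}
    for d in dirs:
        if d.is_dir():  # missing directories (e.g. on non-Windows) are skipped
            for p in d.iterdir():
                if p.is_file():
                    result[p.name.lower()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return result


def audit(baseline, snapshots):
    """Classify Startup entries seen across boot snapshots (oldest first).

    Returns {name: 'unknown' | 'modified' | 'recurring'}; 'recurring' means the
    file was present, then absent (removed), then present again in a later boot.
    """
    findings = {}
    for snap in snapshots:
        for name, digest in snap.items():
            if name not in baseline:
                findings[name] = "unknown"
            elif baseline[name] != digest:
                findings[name] = "modified"
    for name in set().union(*snapshots):
        seen = removed = False
        for present in (name in s for s in snapshots):
            if present and removed:
                findings[name] = "recurring"  # came back after being deleted
                break
            seen, removed = seen or present, removed or (seen and not present)
    return findings


# Constructed sample: the dropped file is deleted after boot 1 and reappears at boot 3.
SAMPLE_BASELINE = {"onedrive.lnk": "hash-a"}
SAMPLE_SNAPSHOTS = [
    {"onedrive.lnk": "hash-a", "intelupdate.exe": "hash-b"},
    {"onedrive.lnk": "hash-a"},
    {"onedrive.lnk": "hash-a", "intelupdate.exe": "hash-b"},
]
```

Running `audit(SAMPLE_BASELINE, SAMPLE_SNAPSHOTS)` on the constructed data flags `intelupdate.exe` as recurring while the approved shortcut produces no finding.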

Kaspersky researchers note that the attack appears to come from a Chinese-speaking individual or group; for all we know, it may be a tool developed by the Chinese government. Kaspersky was unable to determine how the original UEFI code was altered, but the team made some educated guesses based on a piece of 2015 UEFI malware. That exploit required physical access to the machine, making it unlikely that anyone other than the targets would get infected. That suggests a professional operation orchestrated by an intelligence agency, but we’re unlikely to ever get confirmation of that.


World news – US – Kaspersky Finds Sophisticated UEFI Malware in the Wild – ExtremeTech
