Security researchers from Kaspersky announced on Thursday that they have discovered a new bootkit that can infect a computer's UEFI.
What makes MoonBounce (the name given to the bootkit) special is the fact that the malware is not hidden in the part of the hard drive called the ESP (EFI System Partition), where the UEFI code is usually located. On the contrary, it infects the SPI located on the motherboard.
This means that, unlike similar bootkits, users can not reinstall the operating system or replace the hard drive, as the bootkit will remain on the infected device until the SPI memory restarts (a very complicated process) or change the motherboard.
According to Kaspersky, MoonBounce is the third UEFI bootkit they have seen so far that can be found in SPI memory. The previous malware was LoJax and MosaicRegressor.
In addition, the discovery of MoonBounce comes after the discovery of additional UEFI bootkit in recent months, such as ESPectre, FinSpy's UEFI bootkit and others, which led Kaspersky's team to conclude that what was once considered impossible has gradually become the norm.
Kaspersky Security Group proposes:
"As a security measure against this attack and similar attacks, it is recommended to regularly update the UEFI firmware and verify that BootGuard, where available, is enabled. It is also advisable to activate the modules Trust Platform, in case it is supported by the machine ”.
Registration in iGuRu.gr via email
Follow us on Google News