MoonBounce malware does not leave even if you change disk

Security researchers from Kaspersky announced on Thursday that they have discovered a new bootkit that can infect a computer's UEFI.

What makes MoonBounce (the name given to the bootkit) special is the fact that the malware is not hidden in the part of the hard drive called the ESP (EFI System Partition), where the UEFI code is usually located. On the contrary, it infects the SPI located on the motherboard.motherboardb

This means that, unlike similar bootkits, users can not reinstall the operating system or replace the hard drive, as the bootkit will remain on the infected device until the SPI memory restarts (a very complicated process) or change the motherboard.

According to Kaspersky, MoonBounce is the third UEFI bootkit they have seen so far that can be found in SPI memory. The previous malware was LoJax and MosaicRegressor.

  The US has legitimized the unlocking of mobile devices

In addition, the discovery of MoonBounce comes after the discovery of additional UEFI bootkit in recent months, such as ESPectre, FinSpy's UEFI bootkit and others, which led Kaspersky's team to conclude that what was once considered impossible has gradually become the norm.

Kaspersky Security Group proposes:

"As a security measure against this attack and similar attacks, it is recommended to regularly update the UEFI firmware and verify that BootGuard, where available, is enabled. It is also advisable to activate the modules Trust Platform, in case it is supported by the machine ”.

Registration in iGuRu.gr via email

Your email for sending each new post

Follow us on Google News iGuRu.gr at Google news

Leave a reply

Your email address Will not be published.

1 + 1 =  

Previous Story

SoftEther VPN 4.38 open for free and great

Next Story

Improve audio quality in Windows 10