Kaspersky researchers have reported CosmicStrand, a malicious program that hides in motherboard UEFI images and is difficult to eradicate. Its developers are believed to speak Chinese. Qihoo researchers reported in 2017 that the Spy Shadow Trojan infects the BIOS boot module in UEFI compatibility mode, while UEFI+GPT mode is not affected. The malicious code may have been flashed into the motherboard BIOS using a programmer, with the boards then sold and circulated through e-commerce channels. The CosmicStrand discovered by Kaspersky infected Asus and Gigabyte motherboards; the attackers injected a modified version of the CSMCORE DXE driver into the firmware. Victims were located in China, Iran, Vietnam, and Russia.
This article is reprinted from: https://www.solidot.org/story?sid=72253