New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild
2020-10-06 01:33

Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's boot process to drop persistent malware.

The campaign involved the use of a compromised UEFI containing a malicious implant, making it the second known public case where a UEFI rootkit has been used in the wild.

According to Kaspersky, the rogue UEFI firmware images were modified to incorporate several malicious modules, which were then used to drop malware on victim machines in a series of targeted cyberattacks directed against diplomats and members of an NGO from Africa, Asia, and Europe.

UEFI is a firmware interface and a replacement for BIOS that is designed to improve security by helping ensure that no malware has tampered with the boot process.

The new UEFI malware is a custom version of the Hacking Team's VectorEDK bootkit, which was leaked in 2015 and has since been available online.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/F68l6mmF7qA/uefi-bootkit-malware.html