
ESPecter Bootkit Malware Haunts Victims with Persistent Espionage
2021-10-06 18:11

A rare Windows UEFI bootkit malware has been discovered, offering attackers a path to cyber-espionage, researchers are warning.

It's an ideal place to plant malware to ensure its persistence, since UEFI loads no matter what changes or restarts the OS goes through.

Interestingly, ESET's technical analysis of ESPecter shows that its beginnings stretch back to 2012, when it used Master Boot Record modification as its persistence method.

Researchers aren't sure yet how it's distributed, but once ESPecter finds its way onto a PC, it begins its UEFI infection by modifying a legitimate Windows Boot Manager binary.

ESET researchers said that they don't know how ESPecter is specifically distributed, but for initial compromise, it's likely that it takes advantage of one of the various UEFI firmware vulnerabilities that allow disabling or bypassing Secure Boot.
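The two conditions the article describes, a patched Windows Boot Manager in the EFI System Partition and Secure Boot being disabled or bypassed, are both things a defender can check from the OS. The following PowerShell script is an added example written for this page; it is not code from the Threatpost article or from ESET's analysis. It assumes it runs as Administrator on a UEFI Windows host, that drive letter S: is free for mounting the ESP, and that the standard Boot Manager path `EFI\Microsoft\Boot\bootmgfw.efi` is in use; the baseline hash is a placeholder to be replaced with a value recorded from a known-good machine of the same Windows build.

```powershell
# Added example (not from the article or ESET): defender-side integrity check of the
# Windows Boot Manager on the ESP plus the Secure Boot state. Run as Administrator.
# Assumptions: UEFI firmware, S: is free, standard Boot Manager path, placeholder baseline.

$BootManagerRelPath = 'EFI\Microsoft\Boot\bootmgfw.efi'
$KnownGoodSha256    = 'REPLACE_WITH_BASELINE_SHA256'   # placeholder: record on a clean host

# 1. Secure Boot state. A modified Boot Manager only loads if Secure Boot is off or bypassed.
try {
    $secureBoot = Confirm-SecureBootUEFI
} catch {
    $secureBoot = $false   # the cmdlet throws on legacy BIOS or unsupported firmware
}
Write-Host ("Secure Boot enabled : {0}" -f $secureBoot)

# 2. Map the EFI System Partition to a drive letter (mountvol /S does this without a GUID).
$mountPoint = 'S:'
mountvol $mountPoint /S | Out-Null
try {
    $bootmgr = Join-Path "$mountPoint\" $BootManagerRelPath
    if (-not (Test-Path $bootmgr)) { throw "Boot Manager not found at $bootmgr" }

    # 3. Authenticode check: patching the PE image invalidates Microsoft's embedded signature.
    $sig = Get-AuthenticodeSignature -FilePath $bootmgr
    Write-Host ("Signature status    : {0}" -f $sig.Status)
    Write-Host ("Signer              : {0}" -f $sig.SignerCertificate.Subject)

    # 4. Hash comparison against a baseline taken from a known-good system of the same build.
    $hash = (Get-FileHash -Path $bootmgr -Algorithm SHA256).Hash
    Write-Host ("SHA256              : {0}" -f $hash)

    $findings = @()
    if (-not $secureBoot)                                     { $findings += 'Secure Boot disabled' }
    if ($sig.Status -ne 'Valid')                              { $findings += "Authenticode status $($sig.Status)" }
    if ($sig.SignerCertificate.Subject -notmatch 'Microsoft') { $findings += 'non-Microsoft signer' }
    if ($hash -ne $KnownGoodSha256)                           { $findings += 'hash differs from baseline' }

    if ($findings.Count -eq 0) {
        Write-Host 'OK: Boot Manager integrity checks passed'
    } else {
        Write-Warning ('Investigate: ' + ($findings -join '; '))
    }
}
finally {
    mountvol $mountPoint /D | Out-Null   # release the ESP mapping again
}
```

Treat a "Secure Boot enabled" result as necessary but not sufficient: the article notes that ESET expects initial compromise to go through firmware vulnerabilities that disable or bypass Secure Boot, so the signature and baseline-hash checks on the Boot Manager itself are the ones that catch a patched binary. Baseline hashes change with every Windows servicing update to the Boot Manager, so refresh them from a clean host after patching rather than treating a mismatch alone as proof of infection.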

Malicious bootkits are rare to find in the wild, ESET noted, with "Only three real-world cases of UEFI malware [having] been discovered" prior to ESPecter.

News URL

https://threatpost.com/especter-bootkit-malware-espionage/175366/