Security News > 2023 > June > Pirated Windows 10 ISOs install clipper malware via EFI partitions
Hackers are distributing Windows 10 using torrents that hide cryptocurrency hijackers in the EFI partition to evade detection.
The EFI partition is a small system partition containing the bootloader and related files executed before the operating system's startup.
It is essential for UEFI-powered systems that replace the now-obsolete BIOS. There have been attacks utilizing modified EFI partitions to activate malware from outside the context of the OS and its defense tools, like in the case of BlackLotus.
The pirated Windows 10 ISOs discovered by researchers at Dr. Web merely use EFI as a safe storage space for the clipper components.
Since standard antivirus tools do not commonly scan the EFI partition, the malware can potentially bypass malware detections.
Exe is then launched, which injects the clipper malware DLL into the legitimate %WINDIR%System32Lsaiso.
News URL
Related news
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Windows 10 KB5052077 update fixes broken SSH connections (source)
- Windows 10 KB5053606 update fixes broken SSH connections (source)
- Steam pulls game demo infecting Windows with info-stealing malware (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Windows 10 KB5055518 update fixes random text when printing (source)
- Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)