Security News > 2023 > June > Pirated Windows 10 ISOs install clipper malware via EFI partitions
Hackers are distributing Windows 10 using torrents that hide cryptocurrency hijackers in the EFI partition to evade detection.
The EFI partition is a small system partition containing the bootloader and related files executed before the operating system's startup.
It is essential for UEFI-powered systems that replace the now-obsolete BIOS. There have been attacks utilizing modified EFI partitions to activate malware from outside the context of the OS and its defense tools, like in the case of BlackLotus.
The pirated Windows 10 ISOs discovered by researchers at Dr. Web merely use EFI as a safe storage space for the clipper components.
Since standard antivirus tools do not commonly scan the EFI partition, the malware can potentially bypass malware detections.
Exe is then launched, which injects the clipper malware DLL into the legitimate %WINDIR%System32Lsaiso.
News URL
Related news
- Windows 10 KB5043064 update released with 6 fixes, security updates (source)
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- Windows users targeted with fake human verification pages delivering malware (source)
- Windows 10 KB5043131 update released with 9 changes and fixes (source)
- New Windows Malware Locks Computer in Kiosk Mode (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Windows 10 KB5045594 update fixes multi-function printer bugs (source)