A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware

When a hacking organization’s secret tools are stolen and dumped online for anyone to pick up and repurpose, the consequences can roil the globe. Now one new discovery shows how long those effects can persist. Five years after the notorious spy contractor Hacking Team had its code leaked online, a customized version of one of its stealthiest spyware samples has shown up in the hands of possibly Chinese-speaking hackers.


At an online version of the Kaspersky Security Analyst Summit today, researchers Mark Lechtik and Igor Kuznetsov plan to present their findings about that mysterious malware sample, which they detected on the PCs of two of Kaspersky's customers earlier this year. The malware is particularly unusual—and disturbing—because it's designed to alter a target computer’s Unified Extensible Firmware Interface, the firmware that is used to load the computer’s operating system. Because the UEFI sits on a chip on the computer’s motherboard outside of its hard drive, infections can persist even if a computer’s entire hard drive is wiped or its operating system is reinstalled, making it far harder to detect or disinfect than normal malware.


The malware the Kaspersky researchers discovered uses its UEFI foothold to plant a second, more traditional piece of spyware on the computer's hard drive, a unique piece of code Kaspersky has called MosaicRegressor. But even if that second-stage payload is discovered and wiped, the UEFI remains infected and can simply deploy it again. "Even if you would take the physical disk out and replace it with a new one, the malware will keep reappearing," says Lechtik, who along with Kuznetsov works as a researcher on Kaspersky's Global Research and Analysis Team. "So I think to date, it's the most ..
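The detection consequence of the article's point is that a host-level baseline (disk hashes, reinstalled OS) proves nothing about firmware that lives on the SPI flash chip; a defender has to baseline the firmware image itself and re-check it after a suspected compromise. The following is an added example, not code from Kaspersky, Wired or the MosaicRegressor report: it parses the standard UEFI PI `EFI_FIRMWARE_VOLUME_HEADER` (signature `_FVH`, 16-bit header checksum, FFS2 file-system GUID) out of a firmware dump, hashes each firmware volume, and reports which volumes differ from a known-good baseline. The "firmware images" are constructed in-script test data, not a real vendor dump, and the byte flipped in the tampered copy merely stands in for an added or modified DXE driver.

```python
import hashlib
import struct
import uuid

# Fixed part of EFI_FIRMWARE_VOLUME_HEADER (UEFI PI spec), before the block map:
# ZeroVector[16], FileSystemGuid, FvLength, Signature "_FVH", Attributes,
# HeaderLength, Checksum, ExtHeaderOffset, Reserved, Revision
FV_HEADER_FMT = "<16s16sQ4sIHHHBB"
FV_HEADER_FIXED = struct.calcsize(FV_HEADER_FMT)      # 56 bytes
FV_SIGNATURE = b"_FVH"
FV_SIGNATURE_OFFSET = 40                               # 16 + 16 + 8 bytes precede it
FFS2_GUID = uuid.UUID("8C8CE578-8A3D-4F1C-9935-896185C32DD3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID


def fv_checksum16(header: bytes) -> int:
    """Sum of all little-endian 16-bit words of the header; a valid header sums to 0."""
    return sum(struct.unpack_from(f"<{len(header) // 2}H", header)) & 0xFFFF


def build_firmware_volume(body: bytes, block_size: int = 0x100) -> bytes:
    """Construct one well-formed firmware volume (test data) with a single block-map entry."""
    header_len = FV_HEADER_FIXED + 8 + 8                # one block-map entry + terminator
    fv_length = header_len + len(body)
    if fv_length % block_size:
        raise ValueError("volume length must be a whole number of blocks")
    block_map = struct.pack("<II", fv_length // block_size, block_size) + struct.pack("<II", 0, 0)

    def pack(checksum: int) -> bytes:
        return struct.pack(FV_HEADER_FMT, b"\0" * 16, FFS2_GUID.bytes_le, fv_length, FV_SIGNATURE,
                           0x0004FEFF, header_len, checksum, 0, 0, 2) + block_map

    checksum = (-fv_checksum16(pack(0))) & 0xFFFF      # make the header sum to zero
    return pack(checksum) + body


def find_firmware_volumes(image: bytes) -> list:
    """Locate every firmware volume whose header parses and checksums correctly."""
    volumes = []
    pos = image.find(FV_SIGNATURE)
    while pos != -1:
        start = pos - FV_SIGNATURE_OFFSET
        if start >= 0 and start + FV_HEADER_FIXED <= len(image):
            (_zero, guid_le, fv_len, _sig, _attr, hdr_len, _csum,
             _ext, _res, revision) = struct.unpack_from(FV_HEADER_FMT, image, start)
            end = start + fv_len
            if (revision == 2 and hdr_len % 2 == 0 and FV_HEADER_FIXED <= hdr_len <= fv_len
                    and end <= len(image) and fv_checksum16(image[start:start + hdr_len]) == 0):
                volumes.append({
                    "offset": start,
                    "length": fv_len,
                    "guid": str(uuid.UUID(bytes_le=guid_le)),
                    "sha256": hashlib.sha256(image[start:end]).hexdigest(),
                })
                pos = image.find(FV_SIGNATURE, end)    # resume after this volume
                continue
        pos = image.find(FV_SIGNATURE, pos + 1)
    return volumes


def diff_against_baseline(baseline: dict, image: bytes) -> tuple:
    """Return (offsets whose hash changed or is new, offsets present in baseline but gone)."""
    current = {v["offset"]: v["sha256"] for v in find_firmware_volumes(image)}
    changed = sorted(off for off, h in current.items() if baseline.get(off) != h)
    missing = sorted(off for off in baseline if off not in current)
    return changed, missing


def make_golden_image() -> bytes:
    """Constructed 'known-good' dump: padding, a 4 KiB volume, padding, a 2 KiB volume, padding."""
    pad = b"\xff" * 0x200
    fv1 = build_firmware_volume(b"\x11" * (0x1000 - 72))
    fv2 = build_firmware_volume(b"\x22" * (0x800 - 72))
    return pad + fv1 + pad + fv2 + pad


def make_tampered_image() -> bytes:
    """Same dump with one body byte of the second volume (at 0x1400) altered."""
    img = bytearray(make_golden_image())
    img[0x1500] ^= 0xFF
    return bytes(img)


if __name__ == "__main__":
    baseline = {v["offset"]: v["sha256"] for v in find_firmware_volumes(make_golden_image())}
    print("changed, missing:", diff_against_baseline(baseline, make_tampered_image()))
```

In practice the baseline comes from a dump taken at deployment (or from the vendor's signed update image) and the comparison runs against a fresh SPI dump from the suspect machine; reinstalling the OS in between does not change either side, which is exactly why the check is useful here.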
