UEFI malware rears ugly head again: Kaspersky uncovers campaign with whiff of China

Russian antivirus maker Kaspersky has said it uncovered "rogue UEFI firmware images" seemingly developed by black hats with links to China.


The rogue images had been "modified from their benign counterpart to incorporate several malicious modules", according to a post on Kaspersky's Securelist blog, which named the attack MosaicRegressor.


"MosaicRegressor is a multi-stage and modular framework aimed at espionage and data gathering. It consists of downloaders, and occasionally multiple intermediate loaders, that are intended to fetch and execute payload on victim machines," said Kaspersky in a statement.


The firm explained that UEFI malware, being "typically shipped within SPI flash storage that is soldered to the computer's motherboard", is by its nature "resistant to OS reinstallation or replacement of the hard drive". The technique shot to public prominence in 2015 when malware-for-governments purveyor Hacking ..
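The practical consequence of the point above is that an implant living in SPI flash survives any OS-level remediation, so a check has to work at the firmware-image level: dump the flash (flashrom or CHIPSEC can do this) and compare it against a known-good vendor image for the same board and BIOS version. The script below is an added example, not from the article or from Kaspersky; it walks a raw dump for EFI firmware volumes by their `_FVH` header, hashes each one, and reports volumes that were modified, added or removed relative to the baseline. The two images it compares are constructed in-line for illustration and are not real firmware.

```python
import hashlib
import struct

FVH_SIG = b"_FVH"
FVH_SIG_OFFSET = 40       # offset of Signature within EFI_FIRMWARE_VOLUME_HEADER
FVH_FIXED_LEN = 56        # header size before the variable-length block map
FVH_LENGTH_OFFSET = 32    # FvLength (uint64)
FVH_CHECKSUM_OFFSET = 50  # Checksum (uint16)


def find_firmware_volumes(image: bytes):
    """Yield (offset, length) for each firmware volume found in a flash image.

    A volume is located by its "_FVH" signature and delimited by FvLength, so
    the scan steps over a volume's contents instead of matching stray "_FVH"
    bytes inside it.
    """
    pos = 0
    while True:
        idx = image.find(FVH_SIG, pos)
        if idx < 0:
            return
        start = idx - FVH_SIG_OFFSET
        if start >= 0 and start + FVH_FIXED_LEN <= len(image):
            fv_len = struct.unpack_from("<Q", image, start + FVH_LENGTH_OFFSET)[0]
            if FVH_FIXED_LEN <= fv_len <= len(image) - start:
                yield start, fv_len
                pos = start + fv_len
                continue
        pos = idx + 1  # not a plausible header; keep scanning


def volume_digests(image: bytes) -> dict:
    """Map volume offset -> (length, sha256 hex) for every volume in the image."""
    return {
        off: (length, hashlib.sha256(image[off:off + length]).hexdigest())
        for off, length in find_firmware_volumes(image)
    }


def diff_against_baseline(baseline: bytes, dump: bytes) -> list:
    """Return [(offset, status)] for volumes that differ from the vendor image.

    status is "modified", "added" (only in the dump) or "missing" (only in the
    baseline). An empty list means every volume matches byte for byte.
    """
    base, cur = volume_digests(baseline), volume_digests(dump)
    findings = []
    for off in sorted(set(base) | set(cur)):
        if off not in base:
            findings.append((off, "added"))
        elif off not in cur:
            findings.append((off, "missing"))
        elif base[off] != cur[off]:
            findings.append((off, "modified"))
    return findings


# --- constructed sample images (not real vendor firmware) ---------------------

def make_fv(body: bytes) -> bytes:
    """Build a minimal firmware volume: fixed header, one-entry block map, body."""
    header_len = FVH_FIXED_LEN + 16
    total = header_len + len(body)
    hdr = bytearray(struct.pack(
        "<16s16sQ4sIHHHBB",
        b"\x00" * 16,   # ZeroVector
        b"\x00" * 16,   # FileSystemGuid (zeroed for the sample)
        total,          # FvLength
        FVH_SIG,        # Signature
        0x0004FEFF,     # Attributes (arbitrary for the sample)
        header_len,     # HeaderLength
        0,              # Checksum, patched below
        0, 0, 2))       # ExtHeaderOffset, Reserved, Revision
    hdr += struct.pack("<IIII", 1, total, 0, 0)  # block map entry + terminator
    # The header must sum to zero as uint16 words; fix up the Checksum field.
    words = struct.unpack(f"<{len(hdr) // 2}H", hdr)
    struct.pack_into("<H", hdr, FVH_CHECKSUM_OFFSET, (-sum(words)) & 0xFFFF)
    return bytes(hdr) + body


PAD = b"\xff" * 0x100                                   # erased flash between volumes
VENDOR_BODY = b"VENDOR-DXE-MODULE".ljust(64, b"\xff")   # a module plus free space
ROGUE_BODY = (b"VENDOR-DXE-MODULE" + b"ROGUE-DXE-MODULE").ljust(64, b"\xff")

BASELINE_IMAGE = PAD + make_fv(b"PEI-CORE") + PAD + make_fv(VENDOR_BODY) + PAD
# Same layout, but an extra module has been written into the free space of the
# second volume, so sizes and offsets stay identical to the vendor image.
TAMPERED_IMAGE = PAD + make_fv(b"PEI-CORE") + PAD + make_fv(ROGUE_BODY) + PAD

if __name__ == "__main__":
    for off, status in diff_against_baseline(BASELINE_IMAGE, TAMPERED_IMAGE):
        print(f"firmware volume at {off:#x}: {status}")
```

On a real dump the baseline must come from the vendor's own update package for the exact board and BIOS version, and the comparison is only as good as that baseline; a hash mismatch tells you a volume changed, not what was added, so a flagged volume still needs to be unpacked and its modules reviewed.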
