
Older Asus and Gigabyte H81 Mobo Firmwares infected with malware?

by Hilbert Hagedoorn on: 07/27/2022 09:21 AM | source: bleepingcomputer | 12 comment(s)

Since at least 2016, attackers have been using a UEFI rootkit buried, virtually undetectably, in the firmware images of several mainboards. The malware, called CosmicStrand, has now been found in the firmware of Asus and Gigabyte motherboards.

The advantage of a UEFI rootkit is that its code is already executing when the machine boots. Because the operating system's security features have not yet been loaded at that point, they never get a chance to act. Affected machines are also proving hard to pinpoint, and reinstalling the operating system or replacing the storage drive does nothing to remove the infection.

Kaspersky Lab has released further technical details on CosmicStrand. According to the researchers, the malware modifies the operating system's loader and takes complete control; a command and control server is then used to fetch further malware. According to Mark Lechtik, the corrupted firmware images shipped with a modified CSMCORE DXE driver, the component that supports the legacy boot process. "This driver has been tampered with in order to intercept the boot routine and insert malicious logic."

According to Kaspersky, the CosmicStrand UEFI rootkit was found in firmware images of Gigabyte and Asus motherboards with the H81 chipset, hardware from 2013 to 2015 that has largely been discontinued. Installing the malware on an affected board requires physical access, or an earlier version of the malware already present on the system, which allows the corrupted firmware image to be applied automatically.
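The detection side of the tampered-driver story above, as an added example that is not part of the article or of Kaspersky's report: a Python script that walks the FFS file headers of uncompressed UEFI firmware volumes in a flash dump, hashes every module, and diffs the result against a known-good baseline, so that a modified DXE driver such as CSMCORE surfaces as "modified". The GUIDs and both images are constructed placeholders; real vendor images usually nest compressed volumes, which a tool like UEFITool must unpack before this flat scan applies.

```python
import hashlib, struct, uuid

FV_SIGNATURE = b"_FVH"  # lives at offset 40 of an EFI_FIRMWARE_VOLUME_HEADER
FFS_HEADER_LEN = 24     # EFI_FFS_FILE_HEADER: GUID, checksum, type, attrs, 24-bit size, state
FV_FILETYPE_DRIVER = 0x07

def iter_modules(image):
    """Yield (guid, file_type, body) for each FFS2 file in each uncompressed volume."""
    pos = image.find(FV_SIGNATURE)
    while pos != -1:
        start, off, end = pos - 40, 0, 0
        if start >= 0 and len(image) >= pos + 16:
            fv_len, = struct.unpack_from("<Q", image, start + 32)
            hdr_len, = struct.unpack_from("<H", image, start + 48)
            if 72 <= hdr_len < fv_len <= len(image) - start:
                off, end = start + hdr_len, start + fv_len
        while off:                                        # off stays 0 for a bogus header
            off = (off + 7) & ~7                          # FFS files are 8-byte aligned
            hdr = image[off:off + FFS_HEADER_LEN]
            size = int.from_bytes(hdr[20:23], "little")   # 24-bit size includes the header
            if (off + FFS_HEADER_LEN > end or hdr[:16] == b"\xff" * 16     # end of volume / erased flash
                    or size < FFS_HEADER_LEN or off + size > end):         # truncated or bogus file
                break
            yield str(uuid.UUID(bytes_le=hdr[:16])), hdr[18], image[off + FFS_HEADER_LEN:off + size]
            off += size
        pos = image.find(FV_SIGNATURE, pos + 4)

def module_hashes(image):  # module GUID -> SHA-256 of its body (sections included)
    return {guid: hashlib.sha256(body).hexdigest() for guid, _type, body in iter_modules(image)}

def diff_against_baseline(image, baseline):  # what changed relative to a trusted hash set
    seen = module_hashes(image)
    return {"modified": sorted(g for g in seen if g in baseline and seen[g] != baseline[g]),
            "missing": sorted(g for g in baseline if g not in seen),
            "unexpected": sorted(g for g in seen if g not in baseline)}

def build_volume(files):  # constructed test data: a minimal uncompressed FV, not a real dump
    body = b""
    for guid, ftype, payload in files:
        size = FFS_HEADER_LEN + len(payload)
        body += uuid.UUID(guid).bytes_le + b"\0\0" + bytes([ftype, 0]) + size.to_bytes(3, "little") + b"\xf8"
        body += payload + b"\xff" * (-(len(body) + len(payload)) % 8)
    header = b"\0" * 32 + struct.pack("<Q", 72 + len(body)) + FV_SIGNATURE
    header += struct.pack("<IHHHBB", 0, 72, 0, 0, 0, 2) + struct.pack("<IIII", 1, 72 + len(body), 0, 0)
    return header + body

CSM_GUID, NET_GUID = "11111111-2222-3333-4444-555555555555", "66666666-7777-8888-9999-aaaaaaaaaaaa"  # constructed placeholders, not real vendor GUIDs
GOOD_IMAGE = build_volume([(CSM_GUID, FV_FILETYPE_DRIVER, b"legacy boot v1"), (NET_GUID, FV_FILETYPE_DRIVER, b"net")])
TAMPERED_IMAGE = build_volume([(CSM_GUID, FV_FILETYPE_DRIVER, b"legacy boot v1+hook"), (NET_GUID, FV_FILETYPE_DRIVER, b"net")])
BASELINE = module_hashes(GOOD_IMAGE)  # in practice: hashes of the vendor's clean image of the same version
```

Running `diff_against_baseline(TAMPERED_IMAGE, BASELINE)` lists only the CSM placeholder under "modified"; a baseline taken from the vendor's own download of the same firmware version is what makes such a comparison meaningful on a real dump.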

Based on the victims' PCs that were examined, the Russian security firm could not draw any firm conclusions about the threat actor. The systems belonged to private individuals in China, Iran, Vietnam and Russia, with no commonalities among them. A connection to the MyKings cryptomining botnet can only be assumed on the basis of code samples; Sophos malware experts found artifacts there that point to Chinese hackers.

mbk1969
Senior Member



Posts: 13721
Joined: 2013-01-17

#6037253 Posted on: 07/27/2022 11:17 AM
You mean beside IMEI?

schmidtbag
Senior Member



Posts: 7255
Joined: 2012-11-10

#6037336 Posted on: 07/27/2022 03:04 PM
Imagine if ComicStrand would instead make all monospaced fonts Comic Sans. That would be one hell of a virus.

fantaskarsef
Senior Member



Posts: 14314
Joined: 2014-07-21

#6037344 Posted on: 07/27/2022 03:09 PM
A connection to the MyKings cryptomining botnet can only be assumed based on code samples.




reix2x
Senior Member



Posts: 654
Joined: 2010-01-20

#6037388 Posted on: 07/27/2022 06:33 PM
"Kaspersky Lab has released further technical information regarding CosmicStrand". Wow, I thought Kaspersky Lab just made viruses like "anti-malware" software.

Astyanax
Senior Member



Posts: 15391
Joined: 2018-03-21

#6037392 Posted on: 07/27/2022 06:40 PM
These mainboards can be cleaned by replacing the CMOS chips or using USB Flashback to overwrite the entire NAND partition.

Guru3D.com © 2023