Researchers at cybersecurity company Kaspersky have discovered a new form of malware that resides in the motherboard's UEFI. The malware is a form of rootkit that remains present even after the host hard drive or SSD is wiped or replaced.
The Kaspersky engineers (via Bleeping Computer) named it CosmicStrand. It's reported to be an evolution of an earlier malware called Spy Shadow Trojan, which was discovered as far back as 2016. The researchers found the CosmicStrand malware in the firmware of Asus and Gigabyte motherboards. Don’t panic though! I’ll explain.
The infected systems ran motherboards based on the H81 chipset, which dates back many years. An attacker would also need access to the system or need to install a different malware to update or patch the firmware to inject the CosmicStrand malware. So if you’re reading this, don’t think that Asus or Gigabyte systems have been insecure for all of these years or that your system is compromised. Until there is further research, it may be that CosmicStrand can only take advantage of a possible H81 UEFI vulnerability.
The malware sets up a series of hooks that allow Windows kernel access, eventually leading the infected OS to retrieve a payload that will execute on the victim’s machine. The Kaspersky engineers weren’t able to retrieve the payload itself, but they believe the malware shares code patterns with a Chinese group responsible for the MyKings crypto mining botnet. And that’s what it's usually about. Scumbags trying to steal or make money.