Discovery of UEFI firmware malware paves the way for future rootkit attacks
Everyone hates malware, especially when it's ultra nefarious. Fortunately, for years malware has been relatively easy to avoid if you take basic precautions, but that may not be the case for much longer: a new class of rootkit that can infect your UEFI/BIOS has been spotted by Kaspersky engineers, who claim that this malware is so good at hiding that even a wipe of your SSD won't clear it out.
Although antivirus and Windows Defender usually stop malware in its tracks, if they don't, you can usually rely on an old-school format to clear out whatever's been giving you trouble. The problem with a UEFI rootkit, however, is that it doesn't reside on your hard drive or SSD; it lives on the small BIOS chip on each motherboard. That makes it incredibly hard to get rid of.
The new malware is based on an evolved version of the Spy Shadow Trojan from 2016, and it's been discovered on both Asus and Gigabyte motherboards. Fortunately, so far it's been found exclusively on older H81 motherboards running older UEFI, so it may be that simply updating your motherboard's firmware will be enough to remove it. Newer boards don't appear to be affected so far.
That could change in the future though. The Kaspersky engineers warned: "the multiple rootkits discovered so far evidence a blind spot in our industry that needs to be addressed sooner rather than later."
Look out for firmware security patches coming to a system near you.
