Kaspersky security researchers have discovered new malware that attacks a computer's UEFI. In other words, it is a type of attack that affects your motherboard's firmware (the low-level program that controls the device's circuitry) rather than the operating system (Windows, Linux, macOS).
This means the malware can hide in a place where neither formatting your disk nor completely reinstalling the system will remove it. This is the third known case of “MoonBounce” that has been detected since 2021. These are very sophisticated attacks and, given how elusive and persistent they can be, it is likely that they are more widespread than is believed and are being used for cyber espionage.
MoonBounce is what is known as a “firmware bootkit”, a malicious implant that hides in the UEFI (Unified Extensible Firmware Interface) firmware. That is, malware that hides in the code stored in the memory of your computer's motherboard, code that holds the instructions needed to control the operation of all the circuits in your machine.
Updating the firmware is increasingly necessary but still not very accessible
If you are not a regular reader of Genbeta, or are not the kind of user who reads about technology and wants to know a little more about the systems and devices you use, it is very likely that you have no idea what your computer's BIOS or UEFI is.
UEFI is basically a more modern and secure version of the BIOS. If you want to understand the differences between the two in more detail, you can read this comparison on Engadget. Be that as it may, even if you are familiar with this component or have played around with its settings, you may still not be part of the very small number of users who have ever updated their firmware.
Unlike updating Windows, which is as simple as opening Windows Update and making a couple of clicks, updating the UEFI/BIOS usually means downloading the new firmware manually from your motherboard manufacturer's website.
Although some manufacturers already offer options to do it directly from the UEFI, it is still preferable and more reliable to download the firmware and save it on an external device to prevent an error in a very critical process.
For all this, you obviously need to know the exact model of your computer or motherboard, and you need to know how to boot into the UEFI, navigate its (sometimes very unfriendly) interface, and find the options to flash the new firmware. Even if you learn to do all of this, it does not guarantee that you will be protected against current and future threats.
Whether updated firmware exists for your board depends on how modern it is and how long its manufacturer has supported it. Not all models will have firmware versions with the patches needed to deal with the latest vulnerabilities. Unlike Windows, it's not a one-size-fits-all solution.
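As an added example (not part of the original article), the sketch below collects the details needed to look up a firmware update on a Linux machine: board vendor and model, installed firmware version and date, and whether the system booted through UEFI. It assumes the standard Linux sysfs paths `/sys/class/dmi/id` and `/sys/firmware/efi`; the function names and the optional root-prefix argument are hypothetical and exist only so the script can be tried against constructed data.

```shell
#!/bin/sh
# Added example: gather the identifiers needed to find the right firmware
# download on the board manufacturer's site. Assumes Linux sysfs DMI files.

dmi_field() {  # dmi_field <dir> <name>: first line of the field, or "unknown"
    if [ -r "$1/$2" ]; then
        tr -d '\r' < "$1/$2" | head -n 1
    else
        echo "unknown"
    fi
}

firmware_age_years() {  # firmware_age_years <MM/DD/YYYY> <current-year>
    year=${1##*/}       # bios_date is normally MM/DD/YYYY; keep the year part
    case "$year" in
        [12][0-9][0-9][0-9]) echo $(( $2 - $year )) ;;
        *) echo "unknown" ;;   # missing or malformed date
    esac
}

firmware_inventory() {  # firmware_inventory [root-prefix] [current-year]
    root=${1:-}                      # hypothetical prefix, empty on a real host
    now=${2:-$(date +%Y)}
    dmi="$root/sys/class/dmi/id"
    if [ -d "$root/sys/firmware/efi" ]; then
        mode=UEFI                    # directory exists only on UEFI boots
    else
        mode=legacy-or-unknown
    fi
    bios_date=$(dmi_field "$dmi" bios_date)
    echo "board_vendor=$(dmi_field "$dmi" board_vendor)"
    echo "board_name=$(dmi_field "$dmi" board_name)"
    echo "bios_vendor=$(dmi_field "$dmi" bios_vendor)"
    echo "bios_version=$(dmi_field "$dmi" bios_version)"
    echo "bios_date=$bios_date"
    echo "firmware_age_years=$(firmware_age_years "$bios_date" "$now")"
    echo "boot_mode=$mode"
}

firmware_inventory
```

The reported version and date are what the firmware itself declares, so they tell you which update to look for on the manufacturer's site but say nothing about whether the flash contents have been tampered with.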
This increasingly advanced and sophisticated type of malware, which operates at the UEFI level, is extremely difficult to detect and puts into perspective the importance of keeping a machine's firmware up to date. However, this is still a very unfriendly process for the average user, and too unknown and “mystical” for the general public.