New UEFI bootkit used to backdoor Windows devices since 2012


A newly discovered and previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit has been used by attackers since 2012 to backdoor Windows systems by hijacking the Windows Boot Manager.

Bootkits are malicious code planted in the firmware (sometimes targeting UEFI). They are invisible to security software running within the operating system because the malware is designed to load before everything else, at the earliest stage of the boot sequence.

They provide threat actors with persistence and control over an operating system’s boot process, making it possible to sabotage OS defenses by bypassing the Secure Boot mechanism if the system’s boot security mode is not properly configured. Enabling ‘thorough boot’ or ‘full boot’ mode would block such malware, as the NSA explains.
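The two conditions the article points at, Secure Boot not being enforced and the Windows Boot Manager being replaced or patched, can both be checked from the host itself. The script below is an added defender-side example, not code from the article or from the researchers it cites. It assumes an elevated PowerShell session on a UEFI Windows host and that drive letter S: is free to borrow for mounting the EFI System Partition; all cmdlets and tools used (Confirm-SecureBootUEFI, bcdedit, mountvol, Get-AuthenticodeSignature, Get-FileHash) are standard on Windows.

```powershell
# Added defender-side example; not code from the article or from the researchers it cites.
# Run from an elevated PowerShell session on a UEFI Windows host.
# Assumption: drive letter S: is unused (it is borrowed temporarily for the EFI System Partition).

function Get-BootIntegrityReport {
    $report = [ordered]@{}

    # 1. Firmware mode: a UEFI bootkit needs UEFI; legacy BIOS hosts have no Secure Boot at all.
    $report.FirmwareType = $env:firmware_type

    # 2. Secure Boot state. Confirm-SecureBootUEFI returns $true/$false, or throws on
    #    platforms that do not support it.
    try {
        $report.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        $report.SecureBootEnabled = "unsupported: $($_.Exception.Message)"
    }

    # 3. Which file the firmware is told to load as the Windows Boot Manager.
    #    A stock install points at \EFI\Microsoft\Boot\bootmgfw.efi.
    $bcd = bcdedit /enum '{bootmgr}'
    $pathLine = $bcd | Select-String -Pattern '^\s*path\s+(\S+)'
    $report.BootManagerPath = if ($pathLine) { $pathLine.Matches[0].Groups[1].Value } else { 'not found' }

    # 4. Authenticode status of the boot manager actually sitting on the EFI System Partition.
    #    A patched or swapped bootmgfw.efi will not carry a valid Microsoft signature.
    mountvol S: /S | Out-Null
    try {
        $efiPath = 'S:\EFI\Microsoft\Boot\bootmgfw.efi'
        if (Test-Path $efiPath) {
            $sig = Get-AuthenticodeSignature -FilePath $efiPath
            $report.BootManagerSignature = $sig.Status            # expected: Valid
            $report.BootManagerSigner    = $sig.SignerCertificate.Subject
            $report.BootManagerSHA256    = (Get-FileHash -Algorithm SHA256 -Path $efiPath).Hash
        } else {
            $report.BootManagerSignature = 'file missing'
        }
    } finally {
        mountvol S: /D | Out-Null
    }

    # Flag the conditions the article warns about.
    $report.Findings = @()
    if ($report.SecureBootEnabled -ne $true) {
        $report.Findings += 'Secure Boot is not enforced'
    }
    if ($report.BootManagerPath -notmatch 'bootmgfw\.efi$') {
        $report.Findings += "Unexpected boot manager path: $($report.BootManagerPath)"
    }
    if ("$($report.BootManagerSignature)" -ne 'Valid') {
        $report.Findings += "Boot manager signature status: $($report.BootManagerSignature)"
    }

    [pscustomobject]$report
}

Get-BootIntegrityReport | Format-List
```

An empty Findings list means Secure Boot is on, the BCD still points at the stock boot manager path, and the file on the EFI partition carries a valid signature. The SHA256 in the report is there for comparison against a known-good image of the same Windows build; the script does not ship a reference hash because the correct value depends on the installed version.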

Source: Bleeping Computer