Kaspersky security researchers have discovered new malware that attacks a computer’s UEFI. In other words, it is a type of attack that affects the firmware of your motherboard (the low-level program that controls the device’s circuitry) instead of the operating system (Windows, Linux, macOS).
This means that the malware can hide in a place where neither formatting your disk nor completely reinstalling the system will remove it. This is the third known case of “MoonBounce” that has been detected since 2021. These are very sophisticated attacks and, because of how elusive and persistent they can be, they are likely even more widespread than is believed and are being used for cyber espionage.
MoonBounce is what is known as a “firmware bootkit”, a malicious implant that hides in the UEFI (Unified Extensible Firmware Interface) firmware. In other words, it is malware that hides in the code stored in the memory of your computer’s motherboard, the code that holds the instructions needed to control the operation of all the circuits in your computer.
Updating the firmware is increasingly necessary but not very accessible
An Asus motherboard UEFI BIOS
If you are not a regular reader of Genbeta, or you are not the kind of user who reads about technology and wants to know a little more about the systems and devices you use, it is very likely that you have no idea what your computer’s BIOS or UEFI is.
UEFI is basically a more modern and secure version of the BIOS. If you want to understand the differences between the two in more detail, you can read this comparison on Engadget. Be that as it may, even if you are more familiar with this component or have even played with its configuration, you may still not be part of the very small number of users who have ever updated their firmware.
Unlike updating Windows, which is as simple as opening Windows Update and clicking a couple of times, updating the UEFI/BIOS usually means downloading the new firmware manually from your motherboard manufacturer’s website.
Although some manufacturers already offer options to do it directly from the UEFI, it is still preferable and more reliable to download the firmware and save it on an external device to prevent an error in a very critical process.
One of the oldest BIOS
For all this, you obviously need to know the exact model of your computer or motherboard, and you need to know how to boot into the UEFI, navigate its (sometimes very unfriendly) interface, and find the options to flash the new firmware. Even if you learn to do all of this, there is no guarantee that you will be protected against current and future threats.
Whether updated firmware exists for your motherboard depends on how modern it is and how long its manufacturer has supported it. Not all models will have firmware versions with the patches needed to deal with the latest vulnerabilities. Unlike Windows, it’s not a one-size-fits-all solution.
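For the first prerequisite above, knowing the exact board model and the firmware version already installed, the following added example (not from the original article) reads them on Linux from the kernel’s DMI entries under /sys/class/dmi/id and reports whether the machine booted through UEFI. The function names are this example’s own, and the values written by make_sample are constructed.

```python
from datetime import date, datetime
from pathlib import Path

DMI_FIELDS = ("board_vendor", "board_name", "board_version",
              "bios_vendor", "bios_version", "bios_date")


def read_firmware_identity(dmi_dir="/sys/class/dmi/id", efi_dir="/sys/firmware/efi"):
    """Collect the board model and firmware version a vendor download page asks for."""
    info = {}
    for field in DMI_FIELDS:
        try:
            info[field] = (Path(dmi_dir) / field).read_text().strip() or None
        except OSError:  # field absent or unreadable on this machine
            info[field] = None
    # Linux creates this directory only when the system was booted through UEFI.
    info["uefi_boot"] = Path(efi_dir).is_dir()
    return info


def firmware_age_days(info, today=None):
    """Days since the firmware build date; None if the date is missing or malformed."""
    try:
        built = datetime.strptime(info.get("bios_date") or "", "%m/%d/%Y").date()
    except ValueError:
        return None
    return ((today or date.today()) - built).days


def make_sample(root):
    """Write constructed sample values (not from a real machine) for offline runs."""
    dmi = Path(root) / "dmi"
    dmi.mkdir()
    sample = {"board_vendor": "ExampleVendor", "board_name": "EX-B450",
              "bios_vendor": "Example BIOS Co.", "bios_version": "1.20",
              "bios_date": "03/15/2019"}
    for name, value in sample.items():
        (dmi / name).write_text(value + "\n")
    return str(dmi)


if __name__ == "__main__":
    info = read_firmware_identity()
    age = firmware_age_days(info)
    for key, value in info.items():
        print(f"{key}: {value}")
    print("firmware age (days):", age if age is not None else "unknown")
```

The reported board name and firmware version are what you compare against the manufacturer’s download page; a very old build date on a board that no longer receives updates is the situation the paragraph above describes.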
This increasingly advanced and sophisticated type of malware, which operates at the UEFI level, is extremely difficult to detect and puts into perspective the importance of keeping a computer’s firmware up to date. However, this is still a very unfriendly process for the average user, and too unknown and “mystical” for the general public.