Windows PCs from ASUS and Gigabyte are being impacted by the "CosmicStrand" UEFI Rootkit
Currently, systems from ASUS and Gigabyte are affected
Published: 27th July 2022 | Source: Kaspersky |
Kaspersky uncovers the "CosmicStrand" UEFI malware, and it can stay with you after Windows re-installs
Researchers at Kaspersky have uncovered a new rootkit, called "CosmicStrand", that has found its way onto Windows PCs in China, Iran, Vietnam, and Russia. Kaspersky attributes it to an "advanced persistent threat" (APT) actor. The implant lives in the motherboard's UEFI firmware rather than on the hard drive, which is how it survives a fresh Windows install: the modified firmware re-infects the operating system on every boot.
This malware is a new variant of the "Spy Shadow Trojan", which first infected systems back in 2016/2017. So far, Kaspersky has only found Windows PCs affected, on systems built around ASUS and Gigabyte motherboards. The only way to clean an infected system is to reflash the motherboard's UEFI firmware with a clean vendor image. No number of fresh Windows installs will remove the malware, and neither will swapping the drive, because the infected firmware simply re-infects the new installation at the next boot.
Currently, Kaspersky has been unable to identify who is behind this rootkit, or how it was placed onto infected systems in the first place. Kaspersky recommends that businesses regularly update the firmware of their systems and only use firmware from trusted vendors to limit their exposure to this kind of threat. That said, the rootkit has reportedly only affected private individuals in the affected countries, not companies or organisations.
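Because a firmware implant cannot be seen from inside Windows, the practical check is to dump the motherboard's SPI flash and compare it byte-for-byte against the vendor's clean image for the same board and firmware version. The script below is an added example written for this article, not code from Kaspersky or from the report; it assumes you have already obtained a dump (for example with flashrom on an external programmer, or with chipsec from the host) and a matching vendor image, and it reports any modified byte runs, merging nearby runs so a patched driver shows up as one region. The demo data it builds is constructed inline: a pseudo-random "reference" image with a patched block at 0x4000 and a stray byte flip at 0xA000.

```python
"""Differential check of a UEFI/SPI flash dump against a known-good vendor image.

Added example (not from the Kaspersky report). Assumes:
  * `dump`      - bytes read back from the board's SPI flash
  * `reference` - the clean vendor image for the same board and version
A dump taken from inside a compromised OS can itself be tampered with by the
implant, so an external programmer is the conservative way to obtain it.
"""
import hashlib
import random
from dataclasses import dataclass
from typing import List, Tuple

Region = Tuple[int, int]  # (offset, length) of a run of modified bytes


@dataclass
class FirmwareReport:
    size_matches: bool
    dump_sha256: str
    reference_sha256: str
    diff_regions: List[Region]

    @property
    def clean(self) -> bool:
        # Clean only if the sizes agree and not a single byte differs.
        return self.size_matches and not self.diff_regions


def diff_regions(dump: bytes, reference: bytes,
                 merge_gap: int = 16, chunk: int = 4096) -> List[Region]:
    """Return runs of differing bytes as (offset, length).

    Chunks that compare equal are skipped wholesale so an 8-16 MiB image is
    cheap to scan; only differing chunks are walked byte by byte. Runs
    separated by at most `merge_gap` identical bytes are merged so a single
    patched module is reported as one region rather than many fragments.
    """
    n = min(len(dump), len(reference))
    runs: List[Region] = []
    start = None
    for base in range(0, n, chunk):
        a = dump[base:base + chunk]
        b = reference[base:base + chunk]
        if a == b:
            if start is not None:          # run ended exactly at chunk edge
                runs.append((start, base - start))
                start = None
            continue
        for i, (x, y) in enumerate(zip(a, b)):
            if x != y:
                if start is None:
                    start = base + i
            elif start is not None:
                runs.append((start, base + i - start))
                start = None
    if start is not None:
        runs.append((start, n - start))

    merged: List[Region] = []
    for off, length in runs:
        if merged and off - (merged[-1][0] + merged[-1][1]) <= merge_gap:
            poff, _ = merged[-1]
            merged[-1] = (poff, off + length - poff)
        else:
            merged.append((off, length))
    return merged


def verify_firmware(dump: bytes, reference: bytes) -> FirmwareReport:
    return FirmwareReport(
        size_matches=len(dump) == len(reference),
        dump_sha256=hashlib.sha256(dump).hexdigest(),
        reference_sha256=hashlib.sha256(reference).hexdigest(),
        diff_regions=diff_regions(dump, reference),
    )


def build_constructed_images(size: int = 0x10000) -> Tuple[bytes, bytes]:
    """Constructed demo data: a 64 KiB pseudo-random 'vendor image' and a
    'dump' with a 300-byte patch at 0x4000, a nearby flipped byte five bytes
    after it, and one isolated flipped byte at 0xA000 (hypothetical offsets)."""
    rng = random.Random(7)
    reference = bytes(rng.getrandbits(8) for _ in range(size))
    dump = bytearray(reference)
    for i in range(0x4000, 0x4000 + 300):
        dump[i] ^= 0xFF                    # XOR 0xFF always changes the byte
    dump[0x4000 + 305] ^= 0xFF             # within merge_gap: folded into the patch
    dump[0xA000] ^= 0xFF                   # far away: reported separately
    return bytes(dump), reference


def load_and_verify(dump_path: str, reference_path: str) -> FirmwareReport:
    with open(dump_path, "rb") as f, open(reference_path, "rb") as g:
        return verify_firmware(f.read(), g.read())


if __name__ == "__main__":
    dump, ref = build_constructed_images()
    report = verify_firmware(dump, ref)
    print("size match :", report.size_matches)
    print("dump sha256:", report.dump_sha256)
    print("ref  sha256:", report.reference_sha256)
    for off, length in report.diff_regions:
        print(f"modified region at 0x{off:08X}, {length} bytes")
    print("verdict    :", "clean" if report.clean else "MODIFIED")
```

On a real board, pass the two files to `load_and_verify()`; any reported region is then a candidate for pulling apart with a UEFI image parser, and a size mismatch usually means the reference image is for a different board revision or firmware version rather than an infection.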
Below is a comment from Kaspersky's Ivan Kwiatkowski, a senior security researcher.
Despite being recently discovered, the CosmicStrand UEFI firmware rootkit seems to have been deployed for quite a long time. This indicates that some threat actors have had very advanced capabilities that they’ve managed to keep under the radar. We are left to wonder what new tools they have created in the meantime that we have yet to discover.
Right now, CosmicStrand has only been found on systems in China, Vietnam, Iran, and Russia; there are no confirmed infections on Western systems so far.