Many threats can compromise network security, and attackers keep refining their techniques to improve their success rate. This article covers a new piece of malware that is very hard to remove, one more problem to guard against by strengthening the protection of our equipment. The malware was detected by a group of Kaspersky security researchers.
Kaspersky finds a virus that is very difficult to remove
They have called this new malware MoonBounce. It infects a computer's UEFI firmware. Its peculiarity is that it does not hide on the device's hard disk but in the SPI memory of the motherboard, and that is precisely what makes this threat so difficult to remove.
What does this mean in practice? Because the malware hides in this part of the motherboard, the problem persists even if the computer is formatted and the operating system is reinstalled. It persists even if we replace the hard drive with a brand new one: the virus is still there.
So, is it impossible to remove MoonBounce? It is not, but it is much more complicated. In fact, the only way to get rid of it, according to Kaspersky, is to re-flash the SPI memory or replace the motherboard outright. As we can see, this is not something anyone can do with a simple antivirus.
However, this is not the first threat of this type. Other malware that also hid in this memory of the motherboard had been detected previously, such as ESPecter, FinSpy or LoJax. At first this seemed very complex and almost impossible to do, but attackers' interest in it has been growing little by little.
Malware and access to the infected host
The researchers found that MoonBounce is capable of maintaining access to the infected host. In addition, it can be used to deliver additional malware and thus further infect the victim's system. They found this malware on the network of a transport company. As for who is behind the threat, they believe it to be APT41, a cyber espionage group working for the Chinese government.
Can we do something to protect ourselves? The Kaspersky team recommends regularly updating the UEFI firmware. They also recommend enabling BootGuard and the Trusted Platform Module (TPM). It is always important to keep everything updated so that any vulnerability that appears is corrected before it becomes a security problem.
In addition, they point out that it is important to have a good antivirus, a tool that helps detect security threats as they reach our computers. There are many options in this regard, and we should always use one that is reliable and kept up to date.
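
A Linux-side check of the firmware recommendations above, added here as an illustration and not taken from Kaspersky or the original article: it reports whether the machine booted in UEFI mode, whether a TPM is exposed to the operating system, and how old the installed firmware is. It reports configuration gaps only and does not detect an implant such as MoonBounce. The sysfs paths are standard Linux locations; the 365-day threshold and the function names are assumptions.

```python
from datetime import date, datetime
from pathlib import Path

MAX_FIRMWARE_AGE_DAYS = 365  # assumed policy threshold, not a Kaspersky figure


def _read(path):
    """Return the stripped contents of a sysfs file, or None if unreadable."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def firmware_posture(root="/", today=None):
    """Collect firmware facts from Linux sysfs under `root` (a fake tree in tests)."""
    root, today = Path(root), today or date.today()
    dmi, tpm = root / "sys/class/dmi/id", root / "sys/class/tpm/tpm0"
    age_days, raw_date = None, _read(dmi / "bios_date")  # usually MM/DD/YYYY
    if raw_date:
        try:
            released = datetime.strptime(raw_date, "%m/%d/%Y").date()
            age_days = (today - released).days
        except ValueError:
            pass  # vendor used another date format: age stays unknown
    return {
        "uefi_boot": (root / "sys/firmware/efi").is_dir(),
        "bios_version": _read(dmi / "bios_version"),
        "firmware_age_days": age_days,
        "tpm_present": tpm.exists(),
        "tpm_version": _read(tpm / "tpm_version_major"),  # absent on older kernels
    }


def findings(posture):
    """List the gaps relative to the recommendations (BootGuard is not checked)."""
    gaps = []
    if not posture["uefi_boot"]:
        gaps.append("not booted in UEFI mode")
    if not posture["tpm_present"]:
        gaps.append("no TPM exposed to the OS (absent or disabled in firmware setup)")
    age = posture["firmware_age_days"]
    if age is None:
        gaps.append("firmware release date unknown")
    elif age > MAX_FIRMWARE_AGE_DAYS:
        gaps.append(f"firmware is {age} days old: check the vendor for an update")
    return gaps


if __name__ == "__main__":
    print(findings(firmware_posture()) or "no gaps found by this check")
```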