Moonbounce is a persistent malware that can survive drive formats and OS reinstalls

Discussion in 'malware problems & news' started by stapp, Jan 26, 2022.

  1. stapp

    stapp Global Moderator

    https://www.ghacks.net/2022/01/25/m...-can-survive-drive-formats-and-os-reinstalls/
     
  2. Mr.X

    Mr.X Registered Member

    Ok but how Moonbounce gets in the PC in the first place?
     
  3. hawki

    hawki Registered Member

  4. Mr.X

    Mr.X Registered Member

    Apparently this bootkit attacks UEFI firmware only, not BIOS systems.
    If so, I'm safe for now.
     
  5. aztony

    aztony Registered Member

    So legacy BIOS presumably is, so far, seemingly immune. But for how long??
     
  6. itman

    itman Registered Member

  7. wat0114

    wat0114 Registered Member

    Enabling Secure Boot and/or adding a password to access UEFI should prevent this, according to the article.
     
  8. Mr.X

    Mr.X Registered Member

    I see in those articles some tools to monitor and protect firmware integrity in hardware but they're for enterprises. Hence quite expensive.

    How about, for the average home user, re-flashing the UEFI/BIOS firmware regularly? Just in case.
     
  9. Freki123

    Freki123 Registered Member

    If you are not special (like state targeted) I would just use Secure Boot and a BIOS/UEFI password. A firmware flash can always go wrong and some mainboards don't have a backup BIOS. I wouldn't want to force my "flashing" luck :D
     
  10. xxJackxx

    xxJackxx Registered Member

    Agreed. Not something I would do just as preventative security. I had a PC in the past that would fail to finish a flash. Fortunately I was able to buy a chip that was already flashed with the correct firmware. After I paid for that and the tool to extract the old one, it still wasn't cheap, even though the entire machine would have been bricked had I not had that option.
     
  11. Rasheed187

    Rasheed187 Registered Member

    I assume you first still need to run malware before it can infect the UEFI. So either the user needs to run it, or they can use some exploit to run the malware automatically. But if this is the case, it's not clear to me how AVs can block it from infecting the UEFI. With normal rootkits it's enough to simply block a driver from loading.

     