New Chinese Malware Found To Be Difficult To Remove From A PC

Keep your systems secure

Share on twitter
Tweet
Share on facebook
Share
Share on whatsapp
WhatsApp
moonbounce malware linked to chinese espionage group
Source: iStockphoto/solarseven

Kaspersky’s security researchers have found another malware, MoonBounce, that can infect a computer’s UEFI firmware. Researchers believe the malware is from APT41, a cyber-espionage group working for the Chinese government.

Unlike other bootkits, MoonBounce does not hide in the hard drive but instead in the SPI memory of the motherboard. Due to this, the malware will remain on the PC even after reinstalling the OS or replacing the hard drive. The only way to remove the MoonBounce is to reflash the SPI memory or replace the motherboard.

This is not the first malware that can infect and live inside the SPI memory of the motherboard. Researchers have found similar malware such as ESPectreFinSpy’s UEFI bootkitLoJax, and MosaicRegressor.

According to Kaspersky’s team, this was once considered unachievable but gradually became the norm. All of this is after the rollout of the UEFI standard.

Moonbounce Malware Linked To Chinese Espionage Group

Researchers have found that MoonBounce can be used to maintain access to an infected host. It can also deploy additional malware to infect the system further.

Researchers found MoonBounce bootkit on the network of a transportation services company. Based on other malware deployed on the infected network, they believe it was the work of APT41, a cyber-espionage group working for the Chinese government.

As a safety measure, the team at Kaspersky suggests updating the UEFI firmware regularly. They also mention enabling BootGuard and Trust Platform Modules. For now, these are the only measures we can take other than leaving it to our antivirus software.

Nalin Rawat

Nalin Rawat

Just a big nerd for everything pop culture and geeky. In love with movies, comics, games, and awesome new gadgets. I have been writing about technology and gaming since college.