New Chinese Malware Found To Be Difficult To Remove From A PC

Keep your systems secure


Kaspersky’s security researchers have found another piece of malware, MoonBounce, that infects a computer’s UEFI firmware. They attribute it, with some confidence, to APT41, a cyber-espionage group believed to work for the Chinese government.

Unlike most bootkits, which hide on the hard drive (in the boot sector or the EFI System Partition), MoonBounce lives in the SPI flash chip on the motherboard. That is why it survives a reinstall of the operating system and even a replacement of the hard drive. The only ways to get rid of it are to reflash the SPI chip with a clean firmware image or to replace the motherboard.
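The practical check this implies is to dump the SPI flash (for example with `chipsec_util spi dump` or `flashrom -p internal -r`) and compare it against the vendor's release image of the same version. The script below is an added example, not code from the article or from Kaspersky: it diffs two images block by block, merges adjacent differing blocks into regions, and discards regions that fall entirely inside the NVRAM variable store, which legitimately changes during normal use. The flash layout, the NVRAM offsets and both sample images are constructed assumptions for illustration.

```python
"""Compare a dumped SPI flash image against a known-good vendor image.

Added example (not from the article or Kaspersky's tooling). The flash
layout and the two images below are constructed for illustration.
"""
import hashlib
import random
from typing import List, Tuple

Region = Tuple[int, int]  # (offset, length) in bytes


def sha256(data: bytes) -> str:
    """Hex SHA-256 of an image; a quick first check before diffing."""
    return hashlib.sha256(data).hexdigest()


def diff_regions(baseline: bytes, dump: bytes, block: int = 4096) -> List[Region]:
    """Return (offset, length) for every run of block-sized chunks that differ.

    Images of different size are compared up to the longer one, so a
    truncated or padded dump shows up as a differing tail region rather
    than being silently ignored.
    """
    regions: List[Region] = []
    start = None
    total = max(len(baseline), len(dump))
    for off in range(0, total, block):
        if baseline[off:off + block] != dump[off:off + block]:
            if start is None:
                start = off
        elif start is not None:
            regions.append((start, off - start))
            start = None
    if start is not None:
        regions.append((start, total - start))
    return regions


def suspicious_regions(regions: List[Region], ignore: List[Region]) -> List[Region]:
    """Drop regions that lie entirely inside an expected-to-change range.

    The NVRAM variable store is the usual case: boot order, Secure Boot
    keys and vendor settings live there and change on every boot, so a
    diff in that range is not by itself evidence of tampering.
    """
    kept: List[Region] = []
    for off, length in regions:
        end = off + length
        if any(off >= i_off and end <= i_off + i_len for i_off, i_len in ignore):
            continue
        kept.append((off, length))
    return kept


# --- Constructed sample data (hypothetical 64 KiB flash layout) -------------
IMAGE_SIZE = 64 * 1024
NVRAM = (0x4000, 0x4000)          # assumed variable-store range: 0x4000..0x7FFF
IMPLANT_OFFSET, IMPLANT_LEN = 0xA100, 512   # assumed patched DXE driver

_rng = random.Random(1)
VENDOR_IMAGE = bytes(_rng.getrandbits(8) for _ in range(IMAGE_SIZE))

_dump = bytearray(VENDOR_IMAGE)
# Benign change: the whole NVRAM region differs, as it would after a few boots.
for i in range(NVRAM[0], NVRAM[0] + NVRAM[1]):
    _dump[i] ^= 0x5A
# Malicious change: a small patch inside a DXE volume, simulating an implant.
for i in range(IMPLANT_OFFSET, IMPLANT_OFFSET + IMPLANT_LEN):
    _dump[i] ^= 0xFF
DUMP = bytes(_dump)


def report(baseline: bytes = VENDOR_IMAGE, dump: bytes = DUMP) -> List[Region]:
    """Full check: hash compare, block diff, then filter out NVRAM."""
    if sha256(baseline) == sha256(dump):
        return []
    return suspicious_regions(diff_regions(baseline, dump), [NVRAM])


if __name__ == "__main__":
    for off, length in report():
        print(f"suspicious region at 0x{off:05X}, {length} bytes")
```

On a real system the NVRAM offsets come from the flash descriptor and the firmware volume headers, not from constants; a tool such as UEFITool will show them. A differing region outside NVRAM is a lead, not a verdict: confirm the vendor image is the exact same version as the one the machine shipped with before treating any difference as an implant.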

This is not the first malware to target UEFI. LoJax and MosaicRegressor were also found living in the SPI flash, while ESPecter and FinSpy’s UEFI bootkit infect the EFI System Partition on disk instead.

According to Kaspersky’s team, firmware-level implants were once considered unachievable, but since the UEFI standard became widespread they have gradually become more common in real attacks.

Moonbounce Malware Linked To Chinese Espionage Group

Researchers found that MoonBounce is used as a persistence mechanism: it lets the attackers keep access to an infected host and deploy additional malware onto it.

Researchers found the MoonBounce bootkit on a machine belonging to a transportation services company. Based on the other malware deployed on the same network, they believe it was the work of APT41, a cyber-espionage group believed to work for the Chinese government.

As a safety measure, the team at Kaspersky suggests keeping the UEFI firmware up to date with the vendor’s releases. They also recommend enabling Intel Boot Guard and the Trusted Platform Module (TPM) where the hardware supports them. Beyond that, and beyond an antivirus product that can scan firmware, there is little an end user can do today.

Nalin Rawat


Nalin is a tech writer who covers VR, gaming, awesome new gadgets, and the occasional trending affairs of the tech industry. He has been writing about tech and gaming since he started pursuing Journalism in college. He has also previously worked in print organizations like The Statesman and Business Standard. In his free time, he plays FPS games and explores virtual reality. Reach out to him at @NalinRawat