Talking about viruses has been the daily refrain for a few years, but when the viruses in question target our computers, things change a bit. A multitude of threats constantly seek to infect our PCs, and according to a new report from Kaspersky, published on its blog, the company has detected a new virus from a Chinese group that is said to install itself in the BIOS, making it very difficult to eliminate. MoonBounce is the name of the new threat that puts our motherboards in check.
Kaspersky warns that firmware-type malware, the kind of virus that lodges in the firmware, has been on the increase for 4 years to date.
MoonBounce: Hard-to-remove malware
Unlike other, more common viruses that install themselves on a computer's hard drive, infecting the disk and the files on it, the new malware, called MoonBounce, takes hold in the BIOS chip, more specifically in the SPI memory of the motherboard. This means that even after the virus is detected, formatting the hard drive and deleting its files has no effect: the virus continues to persist over time, being immune to practically everything.
According to the antivirus company Kaspersky's own statements on its SecureList blog:
“…The source of infection begins with a set of hooks that intercept the execution of various functions on the UEFI Boot Services…”
“…sets additional hooks on subsequent components of the boot chain, namely the Windows loader…”
These hooks are used to forward function calls to the malicious shellcode, which the attackers added to CORE_DXE, as detailed by the antivirus company's researchers on their blog.
Origin and Recent Infections of MoonBounce
For now, don't panic. Malware that installs itself in the UEFI is not new, although this one is more sophisticated than the previous ones.
This new malware, according to reports, appears to come from a group called APT41.
So far, this new virus has only been detected on one specific computer at a company belonging to an organization that controls several companies dealing in transport technology.
Until more details are known, there is no need for alarm. Remember that, both for this type of malware and for more common viruses, it is important to always keep our equipment up to date, including the BIOS of our PC, to avoid becoming the target of this type of malicious attack without our knowledge.