CosmicStrand UEFI Firmware Rootkit 2022


A new kind of sophisticated Unified Extensible Firmware Interface (UEFI) firmware rootkit called CosmicStrand has been found by experts, who say that an unknown Chinese-speaking threat actor is behind it.

An early variant of this malware was discovered in 2017 by Qihoo 360.

It is still unknown how the victims' motherboards were infected, but the rootkit was found in the firmware images of Gigabyte and ASUS motherboards, specifically those using designs with the H81 chipset.

Kaspersky security researchers said: "This suggests that a common vulnerability may exist that allowed the attackers to inject their rootkit into the firmware’s image."

"In these firmware images, modifications have been introduced into the CSMCORE DXE driver, whose entry point has been patched to redirect to code added in the .reloc section. This code, executed during system startup, triggers a long execution chain which results in the download and deployment of a malicious component inside Windows."

The theory is that the motherboards were flashed with the malware-infected images before being sold to a second-hand reseller.

Victims of the CosmicStrand rootkit were found in China, Vietnam, Iran and Russia.

This UEFI implant seems to have been used in the wild since the end of 2016.

It is particularly invasive because it survives an OS reinstall and a hard disk replacement. It can only be removed by re-flashing the motherboard's firmware or by buying a brand new motherboard.
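The modification Kaspersky describes, a driver entry point redirected into the .reloc section, can be checked for in a firmware dump. The following is an added example, not code from Kaspersky or from this site. It assumes the DXE driver has already been extracted from the dump as a PE image; the function names and the constructed sample header are hypothetical.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # PE section flag: section may be executed

def entry_point_section(image: bytes):
    """Return (name, characteristics) of the section holding the entry point, or None."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ header)")
    pe_off, = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", image, pe_off + 6)
    opt_size, = struct.unpack_from("<H", image, pe_off + 20)
    opt_off = pe_off + 24
    entry_rva, = struct.unpack_from("<I", image, opt_off + 16)  # AddressOfEntryPoint
    sec_off = opt_off + opt_size
    for i in range(num_sections):
        base = sec_off + 40 * i  # each section header is 40 bytes
        name, vsize, vaddr, rsize = struct.unpack_from("<8sIII", image, base)
        chars, = struct.unpack_from("<I", image, base + 36)
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):
            return name.rstrip(b"\0").decode("ascii", "replace"), chars
    return None

def entry_point_findings(image: bytes):
    """List reasons the entry point looks patched; an empty list means nothing flagged."""
    hit = entry_point_section(image)
    if hit is None:
        return ["entry point is outside every section"]
    name, chars = hit
    findings = []
    if name == ".reloc":
        findings.append("entry point is inside .reloc")
    if not chars & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry point section {name} is not marked executable")
    return findings

def build_sample(entry_rva: int) -> bytes:
    """Constructed minimal PE32+ headers with .text and .reloc (test input, not real firmware)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x2022)
    opt = struct.pack("<HBBIIII", 0x20B, 0, 0, 0, 0, 0, entry_rva).ljust(240, b"\0")
    sec = "<8sIIIIIIHHI"
    text = struct.pack(sec, b".text", 0x1000, 0x1000, 0x1000, 0x400, 0, 0, 0, 0, 0x60000020)
    reloc = struct.pack(sec, b".reloc", 0x200, 0x2000, 0x200, 0x1400, 0, 0, 0, 0, 0x42000040)
    return dos + b"PE\0\0" + coff + opt + text + reloc
```

An empty result only means this one pattern was not seen; comparing the extracted driver against the vendor's published firmware image remains the stronger check.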
