Post by Apd
https://www.wired.com/2015/02/nsa-firmware-hacking/
(firmware)
https://www.geek.com/apps/nsa-malware-found-hiding-in-hard-drives-for-almost-20-years-1615949/
(firmware)
https://superuser.com/questions/1427188/unveil-hidden-partitions-created-by-malware-in-windows
(hidden partition)
It's unclear if there's a hidden partition in that last link. It could
be an infected UEFI bios, or something else entirely.
UEFIs (most) are bigger than an XP install. Could something
hide in that? (rhetorical).
Malware in hidden partitions is "old" tech.
Post by Apd
If it is loaded into memory before the OS loads, it has access
to everything (network and files). Even any Linux/Apple partitions or
cloud storage you might have. It's a sophisticated rootkit.
The payload can be anything. Just plain political spying to
stealing banking/administrative passwords or even ransom.
Yes, I know about advanced rootkits and state-sponsored malware. It is
way more than ransomware needs to do its job. The spook stuff is well
targeted, usually by 0-day exploits on USB sticks which the targets
are encouraged to plug into their air-gapped systems. It's something
that needs to stay hidden, not "all ur files are belong to us!"
screamed out from an uncloseable pop-up window. Not saying it's
impossible, just unlikely in this scenario as users don't put their
stuff in hidden partitions. It's beyond the capabilities of the
average malware author and not worth the effort anyway.
I wasn't talking about HOW the infection took place. That's
the "sophisticated" part.
The average user does not use air-gapped systems. He just
clicks on unknown files he receives in his email with names like "I
know what you did on Saturday night" (no extension visible, but with a
nice PDF or WMP icon).
https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
That one has been in the wild for at least 5 years.
[]'s
Post by Apd
Weird, the original Kaspersky report has been removed from
archive.org. I get a "Bummer, that page cannot be found"
Oo-er!
--
Don't be evil - Google 2004
We have a new policy - Google 2012