Published in News

Bootkit infects UEFI firmware

by on25 January 2022

MoonBounce Finds SPI flaws on the motherboard

Security researchers from Kaspersky said they have discovered a novel bootkit that can infect a computer's UEFI firmware.

Dubbed MoonBounce the bootkit doesn't burrow and hide inside a section of the hard drive named ESP (EFI System Partition), where some UEFI code typically resides, but instead it infects the SPI flaws memory that is found on the motherboard.

This means that, unlike similar bootkits, defenders can't reinstall the operating system and replace the hard drive, as the bootkit will continue to remain on the infected device until the SPI memory is re-flashed or the motherboard is replaced.

According to Kaspersky, MoonBounce marks the third UEFI bootkit they have seen so far that can infect and live inside the SPI memory, following previous cases such as LoJax and MosaicRegressor.

 MoonBounce's discovery comes after researchers have also found additional UEFI bootkits in recent months, such as ESPectre, FinSpy's UEFI bootkit, and others, which has led the Kaspersky team to conclude that what was once considered unachievable following the rollout of the UEFI standard has gradually become the norm.

Last modified on 25 January 2022
Rate this item
(3 votes)