You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Every Friday
GamesRadar+
Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.
Every Thursday
GTA 6 O'clock
Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.
Every Friday
Knowledge
From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.
Every Thursday
The Setup
Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.
Every Wednesday
Switch 2 Spotlight
Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.
Every Saturday
The Watchlist
Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.
Once a month
SFX
Get sneak previews, exclusive competitions and details of special events each month!
Security researches say they've discovered the first known instance of a rootkit that targets the Windows Unified Extensible Firmware Interface (UEFI), which is that bit of code on newer versions of the best gaming motherboards that many people still refer to (incorrectly) as the BIOS.
UEFI firmware has largely replaced the traditional BIOS, or Basic Input/Output System, because it has several advantages—it offers a slicker interface that makes navigating settings easier, it allows systems to boot from larger storage drives, and most importantly, it's more secure. How To Geek has a pretty good breakdown of the differences between UEFI and traditional BIOS chips, but those are the main points.
Rootkits are types of malware that attack systems at deep levels. There are different kinds of rootkits, which are typically difficult to detect and remove, in part because they load before the operating system.
During a recent security conference, Frédéric Vachon, a malware researcher at ESET, talked about the discovery of the first-ever instance of a rootkit in the wild that has targeted UEFI systems in successful attacks.
"UEFI rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns actively trying to compromise systems at this level," Vachon said.
Researchers named the rootkit LoJax because it's based on a compromised version of Absolute Software's LoJack recovery software, which is supposed to help victims of stolen laptops to silently track and locate their pilfered system.
LoJack makes this possible by executing code before the OS loads, and before any antivirus software is launched. So even if a thief replaces the stolen laptop's storage drive, LoJack will still ping its location to the rightful owner.
The same goes for LoJax, which is based on a vulnerable 2009 version of LoJack that is easily altered. As with many strains of malware, deploying it starts with a phishing email or otherwise tricking a user into downloading and installing a dropper agent.
"Once I have a foothold on the machine I can use this tool to deploy the UEFI rootkit," Vachon explained.
ESET actually wrote about this in September of last year. At the time, ESET noted that some UEFI rootkits have been presented as proofs of concept, while others are known to be used by government agencies.
"However, no UEFI rootkit has ever been detected in the wild—until we discovered a campagn by the Sednit APT group that successfully deployed a malicious UEFI module on a victim's system," ESET said.
It's known that Sednit agents were developing LoJax as far back as May of last year, but September was the first time it was spotted in live campaigns. Hopefully this doesn't become a trend in 2019.
