You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Every Friday
GamesRadar+
Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.
Every Thursday
GTA 6 O'clock
Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.
Every Friday
Knowledge
From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.
Every Thursday
The Setup
Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.
Every Wednesday
Switch 2 Spotlight
Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.
Every Saturday
The Watchlist
Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.
Once a month
SFX
Get sneak previews, exclusive competitions and details of special events each month!
Researchers at cybersecurity company Kaspersky have discovered a new form of malware that resides in the motherboard's UEFI. The malware is a form of rootkit that remains present even after the host hard drive or SSD is wiped or replaced.
The Kaspersky engineers (via Bleeping Computer) named it CosmicStrand. It's reported to be an evolution of an earlier malware called Spy Shadow Trojan which was discovered as far back as 2016. The researchers found the CosmicStrand malware in the firmware of Asus and Gigabyte motherboards. Don’t panic though! I’ll explain.
The infected systems ran motherboards based on the H81 chipset, which dates back many years. An attacker would also need access to the system or need to install a different malware to update or patch the firmware to inject the CosmicStrand malware. So if you’re reading this, don’t think that Asus or Gigabyte systems have been insecure for all of these years or that your system is compromised. Until there is further research, it may be that CosmicStrand can only take advantage of a possible H81 UEFI vulnerability.
The malware sets up a series of hooks that allow Windows kernel access, eventually leading the infected OS to retrieve a payload that will execute on the victim’s machine. The Kaspersky engineers weren’t able to retrieve the payload itself, but they believe the malware shares code patterns with a Chinese group responsible for the MyKings crypto mining botnet.
And that’s what this sort of thing is usually about: scumbags trying to steal or make money.
Best CPU for gaming: The top chips from Intel and AMD
Best gaming motherboard: The right boards
Best graphics card: Your perfect pixel-pusher awaits
Best SSD for gaming: Get into the game ahead of the rest
The UEFI, or Unified Extensible Firmware Interface, is almost like a mini OS. It's the interface between the hardware and software of the system, meaning it influences the OS and all of the software of the system. The UEFI is usually secure and it requires specific code knowledge. Hence, there are very few known UEFI threats.
Kaspersky’s report states "the multiple rootkits discovered so far evidence a blind spot in our industry that needs to be addressed sooner rather than later."
So, while the threat is limited, it shines a spotlight on the need for the industry to pay close attention to possible vulnerabilities. The lure of a million infected machines covertly mining a crypto coin is a huge dangling carrot for a malicious actor.
