Thursday, 25 April 2024

The Rise of Malware Surviving Formatting Your PC: Another Reason to Learn How to Update BIOS/UEFI

Kaspersky security researchers have discovered new malware that attacks a computer's UEFI. In other words, it is a type of attack that targets your motherboard's firmware (the low-level program that controls the device's circuitry) rather than the operating system (Windows, Linux, macOS).

This means that the malware can hide in a place where even formatting the drive or completely reinstalling the system will not remove it. This is the third known case of "MoonBounce" that has been detected since 2021. These are very sophisticated attacks, and given how elusive and persistent they can be, it is likely that they are even more widespread than is believed and are being used for cyber espionage.

MoonBounce is what is known as a "firmware bootkit", a malicious implant that hides in the UEFI (Unified Extensible Firmware Interface) firmware. In other words, it is malware that hides in the code stored in the memory of your computer's motherboard, the code that holds the instructions needed to control the operations of all the circuits in your computer.

Updating the firmware is increasingly necessary but not very accessible

If you are not a regular reader of Genbeta or do not have the profile of a user who reads about technology and wants to know a little more about the systems and devices they use, it is very likely that you have no idea what your computer's BIOS or UEFI is.

UEFI is basically a more modern and secure version of the BIOS. If you want to understand the differences between the two in more detail, you can read this comparison in Engadget. Be that as it may, even if you are familiar with this component or have even played with its configuration, you may still not be among the very small number of users who have ever updated their firmware.

Unlike updating Windows, which is as simple as opening Windows Update and making a few clicks, updating the UEFI/BIOS usually requires you to download the new firmware manually from your motherboard manufacturer's website.

Although some manufacturers already offer options to do it directly from the UEFI, it is still preferable and more reliable to download the firmware and save it on an external device to prevent an error in a very critical process.

 

 

For all this, you obviously need to know the exact model of your computer or motherboard, and you need to know how to boot into the UEFI setup, navigate through its (sometimes very unfriendly) interface, and find the options to flash the new firmware. Even if you learn to do all of this, it does not guarantee that you will be protected against current and future threats.
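As an added example (not part of the original article), this Python script shows one way to find the exact board model and the currently installed firmware version and release date on a Linux machine, using the kernel's DMI export under /sys. The function names and the 365-day review threshold are assumptions made for the illustration.

```python
# Added example (not from the original article). Linux only: reads the
# kernel's DMI/SMBIOS export under /sys.
from datetime import date, datetime
from pathlib import Path

DMI_FIELDS = ("sys_vendor", "product_name", "board_vendor", "board_name",
              "bios_vendor", "bios_version", "bios_date")

def read_firmware_inventory(sysfs_root="/sys"):
    """Collect the identifiers needed to pick the right firmware download."""
    root = Path(sysfs_root)
    info = {}
    for field in DMI_FIELDS:
        try:
            text = (root / "class" / "dmi" / "id" / field).read_text().strip()
        except OSError:  # field absent (VMs, some boards) or unreadable
            text = ""
        info[field] = text or None
    # The kernel creates /sys/firmware/efi only when it was booted via UEFI.
    efi = (root / "firmware" / "efi").is_dir()
    info["boot_mode"] = "UEFI" if efi else "legacy BIOS"
    return info

def firmware_age_days(info, today=None):
    """Days since the firmware release date, or None if it cannot be parsed."""
    raw = info.get("bios_date") or ""
    for fmt in ("%m/%d/%Y", "%m/%d/%y"):  # SMBIOS uses MM/DD/YYYY or MM/DD/YY
        try:
            released = datetime.strptime(raw, fmt).date()
        except ValueError:
            continue
        return ((today or date.today()) - released).days
    return None

def needs_review(info, max_age_days=365, today=None):
    """True when the firmware is older than the (assumed) review threshold.
    Age alone does not prove a machine is vulnerable; it is a cue to check
    the vendor's support page for a newer release."""
    age = firmware_age_days(info, today)
    return age is not None and age > max_age_days

if __name__ == "__main__":
    inventory = read_firmware_inventory()
    for key, value in inventory.items():
        print(f"{key:13} {value or 'unknown'}")
    age = firmware_age_days(inventory)
    print(f"{'age_days':13} {age if age is not None else 'unknown'}")
    if needs_review(inventory):
        print("Firmware is over a year old: check the vendor's support page.")
```

The board vendor, board name and firmware version it prints are the values to match against the manufacturer's download page before flashing anything.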

Whether updated firmware exists for your board depends on how modern it is and how long its manufacturer has supported it. Not all models will have firmware versions with the patches needed to deal with the latest vulnerabilities. Unlike Windows, it's not a one-size-fits-all solution.

This increasingly advanced and sophisticated type of malware, which operates at the UEFI level, is extremely difficult to detect, and it puts into perspective the importance of keeping a machine's firmware up to date. However, this is still a very unfriendly process for the average user, and too unknown and "mystical" for the general public.

 

Link: https://www.genbeta.com/seguridad/aumento-malware-que-sobrevive-formatear-tu-pc-otra-razon-para-aprender-a-actualizar-bios-uefi
