Security researchers have found a first-of-its-kind piece of malware known as a UEFI rootkit, a class of threat that is hard to detect and, because of the way it embeds itself in a machine's firmware, also difficult to remove. The Russian hacker group known as Fancy Bear—the group responsible for cyberattacks against the Democratic National Committee and the Pyeongchang Olympics, among others—is believed to be behind this sophisticated new threat, Wired reports.
Dubbed ‘LoJax,’ the malware is based on a version of an application called LoJack for Laptops, which helps users track their devices if they are stolen. As Wired notes, “If someone steals your computer, you want to make it as hard as possible for them to evade detection.” With that in mind, LoJack was designed to live in a computer’s firmware, frequently signaling back to a server to mark its position.
“Essentially, Fancy Bear figured out how to manipulate code from a decade-old version of LoJack to get it to call back not to the intended server, but one manned instead by Russian spies. That’s LoJax. And it’s a devil to get rid of,” reports Wired.
Although the malware doesn't actively steal data, researchers say that LoJax gives the attackers persistent access to infected computers and lets them install additional malware.
The malware appears to be a greater threat to older devices, since some vendors have built stronger firmware protections into more recent hardware. “Using the Windows Secure Boot feature, too, would prevent this type of attack, since it checks to make sure that the firmware image on your computer matches up with the one the manufacturer put there,” writes Wired.
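The practical first step for anyone worried about this class of threat is to confirm that Secure Boot is actually enabled on the machine. The script below is an added example written for this article, not code from Wired or from the researchers: on a Linux system it reads the SecureBoot EFI variable that the kernel exposes through efivarfs (the variable GUID shown is the standard EFI global variable GUID) and reports whether Secure Boot is enabled, disabled, or unavailable (for example on a machine booted in legacy BIOS mode). The function takes an optional path argument so it can also be pointed at a saved copy of the variable; the default path is the standard efivarfs location.

```shell
#!/bin/sh
# Added example (not from the article): report whether UEFI Secure Boot is
# enabled by reading the SecureBoot EFI variable that Linux exposes via
# efivarfs. On efivarfs each variable file is laid out as 4 bytes of
# attributes followed by the variable data; for SecureBoot the data is a
# single byte, 1 = enabled, 0 = disabled.

# Standard efivarfs path: variable name + EFI global variable GUID.
SB_VAR="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# secure_boot_state [path]
# Prints "enabled", "disabled" or "unavailable" and returns 0, 1 or 2
# respectively. "unavailable" covers legacy BIOS boot, an unmounted efivarfs,
# or a variable with unexpected contents.
secure_boot_state() {
    path="${1:-$SB_VAR}"
    [ -r "$path" ] || { echo unavailable; return 2; }
    # Skip the 4-byte attribute header and read the first data byte as a
    # decimal number.
    value=$(dd if="$path" bs=1 skip=4 count=1 2>/dev/null | od -An -tu1 | tr -d ' ')
    case "$value" in
        1) echo enabled;     return 0 ;;
        0) echo disabled;    return 1 ;;
        *) echo unavailable; return 2 ;;
    esac
}

# Report the live system when the script is run directly. The non-zero
# status for "disabled"/"unavailable" is informational here, so it is ignored.
secure_boot_state "$SB_VAR" || :
```

A result of "disabled" on a UEFI machine means the boot chain is not being verified and is worth fixing in the firmware setup menu; "unavailable" on a modern machine usually means it was booted in legacy (CSM) mode, which also leaves Secure Boot out of the picture.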
While Fancy Bear has pioneered this hacking technique, researchers worry that copycats will take notice and begin emulating this type of cyberattack.
Get the full story at Wired.