{"id":126675,"date":"2020-12-04T18:50:25","date_gmt":"2020-12-04T15:50:25","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/trickbot-trojan-found-to-now-have-the-ability-to-modify-a-computers-uefi\/"},"modified":"2020-12-04T18:50:25","modified_gmt":"2020-12-04T15:50:25","slug":"trickbot-trojan-found-to-now-have-the-ability-to-modify-a-computers-uefi","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/trickbot-trojan-found-to-now-have-the-ability-to-modify-a-computers-uefi\/","title":{"rendered":"#Trickbot trojan found to now have the ability to modify a computer’s UEFI"},"content":{"rendered":"

#Trickbot trojan found to now have the ability to modify a computer’s UEFI<\/strong>”<\/p>\n

\n
\n
\n
\"computer\"
\n Credit: CC0 Public Domain
\n <\/figcaption><\/figure>\n<\/div>\n<\/div>\n

A combined team of security experts from Advanced Intelligence and Eclypsium has announced that the Trickbot trojan malware now has the ability to modify a computer’s Unified Extensible Firmware Interface\u2014the interface between the firmware on a computer motherboard and the computer’s operating system\u2014in this case, Microsoft Windows.<\/p>\n

Trickbot has been in the news<\/a> of late due to its advanced capabilities. It has a modular design and is notable for its ability to gain administrative capabilities on infected computers. The entities behind the creation of the trojan are believed to be criminals in Russia and North Korea, and they have used it to target telecoms, health care firms, education institutions and even infrastructure operators (quite often in the form of ransomware). <\/p>\n

The trojan and its designers have also achieved a degree of fame over the past year as they managed to overcome a takedown by a combined team of experts from Microsoft and a variety of security firms. Now, it app<\/a>ears the trojan has become even more sophisticated, able to embed itself in the computer’s firmware. This new development is considered to be a serious threat because of what it can do once installed. <\/p>\n

When a computer boots up, the UEFI and firmware work together to bring up the operating system\u2014if nefarious code has been embedded in the firmware, it can load its own software modules or even modify the operating system as it loads. Such modules would then go undetected by conventional antivirus software and would not be overcome, even if the hard drive were wiped clean or replaced altogether. <\/p>\n

The team at Eclypsium has dubbed the new feature “Trickboot,” and suggests it allows its makers to take control over both individual computers and whole networks of them. And as a bonus, because it is modular, it can be sold by the developers to users with criminal intent\u2014all the buyers need do is add code to be executed by one of the existing modules. Such functionality could give groups with limited resources the power to create havoc in the user community.\n <\/p>\n\n

\n

Microsoft targets malware vendor Trickbot amid US election fears\n <\/p><\/div>\n

\n
\n More information:<\/strong>
\n eclypsium.com\/2020\/12\/03\/trick \u2026 ersist-brick-profit\/<\/a><\/p><\/div>\n

\n \u00a9 2020 Science<\/a> X Network<\/p>\n

<\/p>\n

\n

Citation<\/strong>:
\n Trickbot trojan found to now have the ability to modify a computer’s UEFI (2020, December 4)
\n retrieved 4 December 2020
\n from https:\/\/techxplore.com\/news\/2020-12-trickbot-trojan-ability-uefi.html<\/p>\n

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
\n part may be reproduced without the written permission. The content is provided for information purposes only.<\/p><\/div>\n<\/p><\/div>\n