A new threat is looming over Windows computers. If you have lately grown used to reading about the Pegasus spyware, you may now start reading about FinFisher, surveillance software that has been refined to infect Windows devices without being detected.
FinFisher is surveillance software developed by Gamma International. Also known as FinSpy or Wingbird, this malware now relies on a tampered Windows boot loader, which makes it very effective at keeping the infected system from detecting it.
Resists reinstalls and hard drive changes
FinFisher is a suite of spyware tools for Windows, macOS and Linux developed by the Anglo-German firm Gamma International. It is officially sold to law enforcement and government agencies, which install it on the computers and devices of the targets they investigate.
The problem is that, as Kaspersky researchers have found, FinFisher has been updated to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit. In this way it runs without the computer noticing that it is installed.
UEFI is essentially the successor to the BIOS (Basic Input Output System), which dates back to 1975. UEFI is a newer firmware specification, written in C, that replaced the BIOS and brought a much more modern graphical interface, a Secure Boot mechanism, faster boot times and support for hard drives larger than 2 TB.
UEFI supports Secure Boot, which checks the digital signature of each boot component (firmware drivers, the boot loader) before running it, so that unsigned or tampered code cannot hijack the boot process. Secure Boot is one of the requirements for Windows 11.
Now FinFisher has evolved and gained a new capability: it can deploy a UEFI bootkit, and the new samples replace the Windows UEFI boot loader with a malicious variant. As if that were not enough, it has been “optimized” with “other detection-evasion methods to slow down reverse engineering and analysis.” As a result the malware can go unnoticed by security products and even survive a reinstallation of the operating system or a replacement of the hard disk.
In the words of Kaspersky’s Global Research and Analysis Team, “This form of infection allowed the attackers to install a bootkit without having to bypass firmware security checks.” “UEFI infections are very rare and generally hard to execute; they stand out for their evasiveness and persistence.”
FinFisher’s goal is none other than to get at user data, be it credentials, documents, calls or messages. It can also read and record keystrokes, forward emails from Thunderbird, Outlook, Apple Mail and Icedove, and capture audio and video, since it can reach the microphone and the webcam of a computer.
Given this, UEFI, which looks like a safe, isolated and almost inaccessible place, will have to be monitored more closely by security tools when looking for malware on computers.
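The two checks the article motivates are whether Secure Boot is actually enforced (the condition under which a swapped boot loader runs without any firmware check, as in the Kaspersky quote above) and whether the Windows boot loader on the EFI System Partition is still the Microsoft-signed original. The following PowerShell triage script is an added example written for this page; it is not code from the article, from Kaspersky or from Gamma. It assumes the standard Windows layout, which the article does not name: the Windows Boot Manager at \EFI\Microsoft\Boot\bootmgfw.efi on the ESP, a reference copy under %SystemRoot%\Boot\EFI, a free drive letter (S:) to mount the ESP on, and an elevated session.

```powershell
# Added example (not from the article, Kaspersky or Gamma): boot-chain triage on Windows.
# Assumptions, labelled: Boot Manager path \EFI\Microsoft\Boot\bootmgfw.efi on the ESP,
# reference copy at %SystemRoot%\Boot\EFI\bootmgfw.efi, drive letter S: free, admin rights.
#Requires -RunAsAdministrator

$EspLetter  = 'S'                                   # assumption: unused drive letter
$BootMgrRel = 'EFI\Microsoft\Boot\bootmgfw.efi'     # assumption: standard Windows path

# 1. Is Secure Boot enforced? $false (or an exception on legacy BIOS) means a replaced
#    boot loader is executed without any signature check by the firmware.
try {
    $secureBoot = Confirm-SecureBootUEFI
} catch {
    $secureBoot = $false
    Write-Warning "Secure Boot state unavailable: $($_.Exception.Message)"
}
"Secure Boot enabled: $secureBoot"

# 2. Expose the EFI System Partition on a drive letter (mountvol /S mounts the ESP).
mountvol "${EspLetter}:" /S | Out-Null
$bootMgr = Join-Path "${EspLetter}:\" $BootMgrRel

try {
    if (-not (Test-Path $bootMgr)) {
        Write-Warning "Boot Manager not found at $bootMgr"
        return
    }

    # 3. Authenticode check. A genuine Boot Manager carries a valid Microsoft signature;
    #    a file overwritten by a bootkit is normally unsigned or signed by someone else.
    $sig    = Get-AuthenticodeSignature -FilePath $bootMgr
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    "Signature status : $($sig.Status)"
    "Signer           : $signer"
    if (($sig.Status -ne 'Valid') -or ($signer -notmatch 'Microsoft')) {
        Write-Warning "$bootMgr is not a valid Microsoft-signed binary; treat as a possible bootkit."
    }

    # 4. Compare with the copy Windows keeps in its own tree (assumption: bcdboot's source).
    #    A mismatch is a lead for deeper analysis, not proof: the two can drift after servicing.
    $ref = Join-Path $env:SystemRoot 'Boot\EFI\bootmgfw.efi'
    if (Test-Path $ref) {
        $espHash = (Get-FileHash -Algorithm SHA256 -Path $bootMgr).Hash
        $refHash = (Get-FileHash -Algorithm SHA256 -Path $ref).Hash
        "ESP SHA256      : $espHash"
        "Reference SHA256: $refHash"
        if ($espHash -ne $refHash) { Write-Warning "ESP Boot Manager differs from the in-Windows copy." }
    }

    # 5. Flag every other EFI binary in the Microsoft boot directory that is not
    #    validly signed by Microsoft; a bootkit may drop extra loaders beside the original.
    Get-ChildItem -Path (Split-Path $bootMgr) -Filter *.efi -Recurse |
        ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
        Where-Object { $_.Status -ne 'Valid' -or $_.SignerCertificate.Subject -notmatch 'Microsoft' } |
        ForEach-Object { Write-Warning "Unexpected EFI binary: $($_.Path) [$($_.Status)]" }
}
finally {
    # Always unmount the ESP again, even if a check above threw.
    mountvol "${EspLetter}:" /D | Out-Null
}
```

Run it from an elevated PowerShell prompt. A result of Secure Boot disabled plus an unsigned or non-Microsoft bootmgfw.efi is the combination to escalate; a signature that is valid but a hash that differs from the reference copy usually just means the ESP has not been refreshed since the last servicing, so image the ESP and verify against a known-good build before concluding anything.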
Via | The Hacker News
Interior image | The Hacker News
This article was originally published in Engadget Windows by Jose Antonio Carmona.