
FinFisher malware is updated: it can now infect Windows computers without being detected, using a UEFI bootkit

A new threat is looming over Windows-based computers. If you have recently become used to hearing about the Pegasus software, you may now start reading about FinFisher, surveillance software that has been refined to infect Windows devices without being detected.

FinFisher is surveillance software developed by Gamma International. Also known as FinSpy or Wingbird, this malware takes advantage of a Windows bootloader that has been "worked on", which makes it highly effective because it prevents the system from detecting it.

Resists reinstalls and hard drive changes

FinFisher is a suite of spyware tools for Windows, macOS and Linux developed by the Anglo-German firm Gamma International. It is officially intended for security forces, which use it by installing it on the computers and devices of the targets under investigation.

The problem is that, as Kaspersky researchers have detected, FinFisher has now been updated to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit. This lets it run without the computer detecting that it is installed.


UEFI, short for Unified Extensible Firmware Interface, is basically the successor to BIOS (Basic Input Output System), which was created in 1975. Unlike BIOS, UEFI is firmware written in C, an evolution that brought a much more modern graphical interface, a secure boot system, faster boot times and support for hard drives larger than 2TB.

UEFI supports Secure Boot, which guarantees the integrity of the operating system by ensuring that no malware has interfered with the boot process, and which is one of the requirements to use Windows 11.

Now FinFisher has evolved and has a new feature that allows it to deploy a UEFI bootkit to load itself: the new samples replace the Windows UEFI boot loader with a malicious variant. As if this were not enough, it has been “optimized” with “other methods of evasion of detection to slow down reverse engineering and analysis.” In this way, the malware is able to go unnoticed by security solutions and even to resist the reinstallation of the operating system or the replacement of the hard disk.

In the words of Kaspersky’s Global Research and Analysis team: “This form of infection allowed attackers to install a bootkit without having to skip firmware security checks.” “UEFI infections are very rare and generally difficult to execute, noted for evasion and persistence.”

FinFisher’s goal is none other than to access user data, be it credentials, documents, calls or messages. It can even read and record keystrokes, forward emails from Thunderbird, Outlook, Apple Mail and Icedove, and capture audio and video, since it can gain access to a computer's microphone and webcam.

In view of this, UEFI, which seems like a safe, isolated and almost inaccessible place, will have to be monitored more closely by security tools when they look for malware on computers.

Via | The Hacker News

Interior image | The Hacker News



The news “FinFisher malware is updated: it can now infect Windows computers without being detected, using a UEFI bootkit” was originally published in Engadget Windows by Jose Antonio Carmona.
