FinFisher malware has been updated: it can now infect Windows computers undetected by using a UEFI bootkit
A new threat looms over Windows-based computers. If you recently heard about the Pegasus spyware, you may now start reading about FinFisher surveillance software, which has been refined to infect Windows devices without being detected.
"FinFisher is surveillance software developed by Gamma International. Also known as FinSpy or Wingbird, this malware takes advantage of a Windows bootloader it has been worked on, achieving a high degree of efficiency as it manages to prevent the system from detecting it."
Resists reinstalls and hard drive changes
FinFisher is a suite of spyware tools for Windows, macOS, and Linux developed by the Anglo-German firm Gamma International. It is officially intended for law enforcement, which carries out its investigations through this system once it is installed on the equipment and devices of the targets under investigation.
The problem is that, as Kaspersky researchers have detected, FinFisher has now been updated to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit. This way it works without the computer detecting that it is installed.
UEFI is basically the successor to BIOS (Basic Input Output System), which was created in 1975. UEFI, written in C, is the successor firmware to BIOS, an evolution that brought a much more modern graphical interface, a secure boot system, greater boot speed and support for hard drives larger than 2 TB.
UEFI supports Secure Boot, which checks the integrity of the operating system's boot chain to ensure that no malware has interfered in the boot process; Secure Boot is also one of the requirements for running Windows 11.
"FinFisher has now evolved and has a new feature that allows it to deploy a UEFI bootkit to load, with new samples having properties that replace the Windows UEFI bootloader with a malicious variant. If that's not enough, this has been optimized."
In the words of Kaspersky's Global Research and Analysis Team, this form of infection "allowed attackers to install a bootkit without having to bypass firmware security checks. UEFI infections are very rare and generally difficult to execute, notable for their evasion and persistence."
The objective of FinFisher is none other than to access user data, be it credentials, documents, calls or messages. It can even read and record keystrokes, forward email messages from Thunderbird, Outlook, Apple Mail, and Icedove, and capture audio and video by accessing a computer's microphone and webcam.
Given this, the UEFI, which seems like a safe, isolated and almost inaccessible place, is going to have to be monitored more closely by security tools when they look for malware on computers.
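One concrete way a security tool can watch the part of UEFI that this bootkit touches is to audit the EFI System Partition (ESP), where the Windows boot manager bootmgfw.efi lives. The script below is an added example written for this article; it is not code from the article, from Kaspersky or from Gamma. It hashes every .efi file under a mounted ESP, compares the hashes against a known-good baseline, and flags images whose PE header has no Authenticode signature directory. The paths, the constructed minimal PE images and the baseline are assumptions for the demo; on a real machine you would point audit_esp at the mounted ESP and at a baseline recorded from a clean install. Note that the presence of a signature directory is not the same as a valid signature; full validation needs the certificate chain, and the Secure Boot state should be checked separately.

```python
"""Audit a mounted EFI System Partition for replaced or unsigned boot loaders.

Added defender-side example: walk the ESP, hash each .efi image, compare with a
known-good baseline, and report images lacking an Authenticode directory.
"""
import hashlib
import struct
import tempfile
from pathlib import Path

# Well-known location of the Windows boot manager on the ESP.
WINDOWS_BOOTMGR = Path("EFI") / "Microsoft" / "Boot" / "bootmgfw.efi"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def has_authenticode_directory(data: bytes) -> bool:
    """True if the PE image has a non-empty IMAGE_DIRECTORY_ENTRY_SECURITY
    (data directory index 4). This only detects an embedded signature blob;
    it does not validate the signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return False
    opt = pe_off + 4 + 20                                     # COFF header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:                                        # PE32+
        n_dirs_off, dirs_off = opt + 108, opt + 112
    elif magic == 0x10B:                                      # PE32
        n_dirs_off, dirs_off = opt + 92, opt + 96
    else:
        return False
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    if n_dirs <= 4:
        return False
    rva, size = struct.unpack_from("<II", data, dirs_off + 4 * 8)
    return rva != 0 and size != 0


def audit_esp(esp_root: Path, baseline: dict) -> list:
    """Return findings. baseline maps ESP-relative POSIX path -> sha256 hex."""
    findings, seen = [], set()
    for path in esp_root.rglob("*.efi"):
        rel = path.relative_to(esp_root).as_posix()
        seen.add(rel)
        expected = baseline.get(rel)
        if expected is None:
            findings.append(f"UNEXPECTED {rel}: not in baseline")
        elif expected != sha256_file(path):
            findings.append(f"MODIFIED {rel}: hash changed")
        if not has_authenticode_directory(path.read_bytes()):
            findings.append(f"UNSIGNED {rel}: no Authenticode directory")
    for rel in baseline:
        if rel not in seen:
            findings.append(f"MISSING {rel}")
    return findings


def fake_pe32plus(signed: bool) -> bytes:
    """Constructed minimal PE32+ image, just enough header for the checks above."""
    pe_off = 0x40
    img = bytearray(pe_off)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, pe_off)
    img += b"PE\0\0" + bytes(20)                              # COFF header
    opt = bytearray(112 + 16 * 8)                             # header + 16 data dirs
    struct.pack_into("<H", opt, 0, 0x20B)                     # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                      # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 112 + 4 * 8, 0x1000, 0x800)  # security dir
    return bytes(img + opt)


def demo() -> list:
    """Constructed scenario: baseline a signed boot manager, then swap it for an
    unsigned image and drop an extra loader, as a bootloader replacement would."""
    with tempfile.TemporaryDirectory() as tmp:
        esp = Path(tmp)
        boot = esp / WINDOWS_BOOTMGR
        boot.parent.mkdir(parents=True)
        boot.write_bytes(fake_pe32plus(signed=True))
        baseline = {WINDOWS_BOOTMGR.as_posix(): sha256_file(boot)}
        assert audit_esp(esp, baseline) == []                 # clean state
        boot.write_bytes(fake_pe32plus(signed=False))         # simulated replacement
        (esp / "EFI" / "Boot").mkdir()
        (esp / "EFI" / "Boot" / "bootx64.efi").write_bytes(fake_pe32plus(signed=False))
        return sorted(audit_esp(esp, baseline))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The demo reports the modified boot manager, the unexpected extra loader and both unsigned images; a hash baseline catches a swapped bootloader even when the replacement carries a signature directory, which is why the two checks are combined rather than relying on either alone.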
Via | The Hacker News. Inside image | The Hacker News