2020/10/05 17:36:39

MosaicRegressor (virus)

2020: The first virus to attack the successor of BIOS appears

On October 5, 2020, it became known that the first virus attacking UEFI (Unified Extensible Firmware Interface) firmware, the successor of BIOS, had appeared. Kaspersky Lab reported the find.

As the company explained, UEFI is loaded before the operating system and controls all processes at "early start". This is the source of the main danger of a compromise of this environment: by changing the UEFI code, it is possible to gain full control over the computer. For example, an attacker can change memory or the contents of a disk or, as in the case of the malware named MosaicRegressor, force the operating system to run a malicious file. And because this is low-level malware, neither replacing the hard drive nor reinstalling the OS will help to get rid of it, the experts warned.

The first virus to attack the successor of BIOS has been detected

While researching the MosaicRegressor infrastructure, Kaspersky Lab established that the components of the UEFI bootkit are based on the Vector-EDK code. This is a special builder that was created by the Hacking Team cybergroup and that contains, among other things, instructions for creating a module for reflashing UEFI.

In 2015, these and other Hacking Team source codes became freely available as a result of a leak, which allowed attackers to create their own software with minimal effort: they simply added a malicious component to the source code.

The company emphasized that its specialists had encountered an advanced cyberattack tool that not every hacker can create. However, with the appearance of ready-made working examples, there is a danger that the technology will be reused, especially since anyone can still download the instructions for it. This incident shows that attackers are becoming more and more creative and are constantly improving their techniques, Kaspersky Lab noted.[1]

Notes