Malware That Can’t Be Removed by an OS Reinstall is Being Used by Russian Hackers
According to a story on PCMag Asia, security experts believe that Russian start sponsored hacker group “Fancy Bear” are using a type of malware that can survive an operating system installation. Typically formatting a hard drive and installing a new operating system on a computer would erase any sign of a malware program or a computer virus.
The article says this new malware was discovered by research firm ESET while examining a client’s computer. ESET explained that the malware they found survives by making its way into a computer’s flash memory. It does this by attacking the Unified Extensible Firmware Interface or UEFI. By staying in the flash memory of a computer the malware can reactivate itself after a new operating system is installed.
ESET believes that the Russian group is using the malware to target government agencies in order to try to influence them or elections like they did in 2016 when they attacked the Democratic National Committee’s computer networks.
This is a first in the world of malware and while it’s likely this is only impacting government computers, networks, and possibly the computers of government employees or employees of politicians; there is a very good chance this technology will leak out into the private sector and begin to impact the computers of consumers and business owners.
Currently the only way to stop this malware is to reboot a computer in the ‘secure boot’ mode. When you do this the malware won’t pass the required checks and should be removed by the computer. You can also avoid being infected by making sure your computer’s firmware is up to date.
This new malware is another reason why you should have a plan to change your passwords frequently.