A new version of the CosmicStrand UEFI rootkit has been discovered; old Gigabyte and ASUS motherboards are under threat

UEFI firmware is stored in a chip on the motherboard, and no operation on the connected storage devices affects it, Kaspersky Lab notes. This means that malware embedded in UEFI is not easy to detect with an antivirus, and even reinstalling the operating system does not help. For the same reason, this area is not easy to infect, so such malware is usually used to attack systems belonging to high-ranking individuals rather than a wide range of private users.

==History==
The first versions of CosmicStrand were discovered in 2016, when experts at the Chinese company Qihoo 360 suggested that one of the victims had purchased a modified motherboard from a reseller. The exact origin of the updated version of the malware is currently unknown. However, the investigation showed that CosmicStrand now affects Gigabyte and ASUS motherboards based on the obsolete H81 chipset, which debuted back in 2013. The mass nature of the infections suggests that they were carried out remotely using some common vulnerability.

Analysis of the malicious code points to its Chinese origin: patterns were found that were also present in the previously discovered MyKings botnet, which was deployed on the engineering equipment. CosmicStrand has also not been fully studied, as researchers failed to intercept the payload file from the command server. However, on one of the machines, malware allegedly linked to the rootkit was found; it created a user named "aaaabbbb" in the operating system and granted that user local administrator privileges.
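The one host-level indicator named above, a newly created account that is immediately made a local administrator, can be hunted for in Windows Security logs. The following is an added example, not code from the article or from Kaspersky; the field names follow Security events 4720 and 4732, while the sample records, the five-minute window and the function name are assumptions made for illustration.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"   # well-known SID of BUILTIN\Administrators
WATCHLIST = {"aaaabbbb"}      # account name reported in the article

# Constructed sample records, simplified from Windows Security events
# 4720 (user account created) and 4732 (member added to a local group).
SAMPLE_EVENTS = [
    {"id": 4720, "time": "2022-07-01T03:12:05", "TargetUserName": "aaaabbbb",
     "TargetSid": "S-1-5-21-1111-2222-3333-1005"},
    {"id": 4732, "time": "2022-07-01T03:12:06", "TargetSid": ADMINS_SID,
     "MemberSid": "S-1-5-21-1111-2222-3333-1005"},
    {"id": 4720, "time": "2022-07-02T09:00:00", "TargetUserName": "helpdesk1",
     "TargetSid": "S-1-5-21-1111-2222-3333-1006"},
    {"id": 4732, "time": "2022-07-02T09:00:30", "TargetSid": "S-1-5-32-545",
     "MemberSid": "S-1-5-21-1111-2222-3333-1006"},  # Users group, not admins
    {"id": 4720, "time": "2022-07-03T10:00:00", "TargetUserName": "svc_backup",
     "TargetSid": "S-1-5-21-1111-2222-3333-1007"},
    {"id": 4732, "time": "2022-07-03T10:00:20", "TargetSid": ADMINS_SID,
     "MemberSid": "S-1-5-21-1111-2222-3333-1007"},
]

def find_new_admins(events, window=timedelta(minutes=5)):
    """Return accounts created and added to Administrators within `window`.

    Event 4732 identifies the new member by SID, so the join key is the
    SID recorded in the matching 4720 event, not the account name.
    """
    created = {}   # account SID -> (name, creation time)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created[ev["TargetSid"]] = (ev["TargetUserName"], when)
        elif ev["id"] == 4732 and ev["TargetSid"] == ADMINS_SID:
            name, born = created.get(ev["MemberSid"], (None, None))
            if name is not None and when - born <= window:
                severity = "high" if name.lower() in WATCHLIST else "review"
                findings.append({"account": name, "severity": severity,
                                 "seconds_to_admin": (when - born).total_seconds()})
    return findings

if __name__ == "__main__":
    for finding in find_new_admins(SAMPLE_EVENTS):
        print(finding)
```

A hit on the watchlisted name points to the operating-system payload only; removing the account does not touch the firmware, which, as noted above, survives operations on the storage devices.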