One of the most infamous threats, TrickBot, now has a startling feature that can probe a PC for vulnerabilities in its firmware. This bootkit functionality can tamper with the PC’s UEFI firmware, allowing the malware to persist on the machine while staying hidden and posing a serious threat to computer security.
TrickBot gets BIOS/UEFI Bootkit feature to avoid computer security detections
Computer security firms Eclypsium Inc and AdvIntel spotted the Trojan’s new component, which the TrickBot hackers can use to infect devices. This module inspects the victim’s PC for vulnerabilities that the hackers can then use to plant a backdoor in UEFI (Unified Extensible Firmware Interface). UEFI firmware resides on a chip on the motherboard and is in charge of loading the computer’s OS when it boots up. Since UEFI sits outside the hard drive, placing malicious code in it would allow the malware to circumvent the majority of antivirus detections. It also allows TrickBot to survive software updates and even a reinstall of the OS. Corruption of the motherboard can go so far that it would need replacement.
Perceived to be Russia-based, the hackers responsible for this dangerous malware have gained a reputation as a major threat in the cyber world. Their botnet has been used to deliver several ransomware families, such as Conti and Ryuk.