Antivirus company Kaspersky has recently discovered a “malware strain” that can “survive OS reinstalls” and has been “infiltrating older motherboards from Asus and Gigabyte.” According to a report by PCMag, the malware, named CosmicStrand, is designed to target the UEFI (Unified Extensible Firmware Interface) of these motherboards, which allows it to survive on a Windows system even after the storage drive has been removed.
The report suggests that Kaspersky not only discovered the malware but also stated that CosmicStrand was being circulated on Windows machines in countries like China, Vietnam, Iran and Russia. Moreover, the company also claimed that all the victims are likely to be private individuals as they were using Kaspersky’s free antivirus software.
How CosmicStrand is affecting Asus and Gigabyte motherboards
As per Kaspersky’s research, CosmicStrand malware was discovered on firmware images for older Asus and Gigabyte motherboards that used the H81 chipset. Intel introduced these chipsets in 2013; however, they are now discontinued.
CosmicStrand is capable of executing “malicious processes” starting from when the PC boots up as it infects the motherboard's UEFI. Eventually, the malware makes the machine retrieve a nasty component from a hacker-controlled server and installs the same inside the Windows OS.
Kaspersky has stated that it was unable to “obtain a copy of data coming from the C2 (command and control) server.” However, the company got hold of some evidence that the makers of CosmicStrand were trying to remotely take over the infected systems.
How is CosmicStrand being spread
Kaspersky also couldn't confirm how CosmicStrand was being introduced on the victim's computers. But, the report suggests that it might have either arrived from another malware strain that was already present in the system or hackers might have gained physical access to the hardware.
The company explains, “Looking at the various firmware images we were able to obtain, we assess that the modifications may have been performed with an automated patcher. If so, it would follow that the attackers had prior access to the victim’s computer to extract, modify and overwrite the motherboard’s firmware.”
How CosmicStrand has been hiding for so long
As per the report, CosmicStrand is not the first UEFI-based malware as the antivirus industry has uncovered many other strains over the years. However, CosmicStrand has managed to hide for several years.
According to Kaspersky’s research, one sample of the malware was first spotted communicating with a hacker-controlled server in December 2016. Another sample was found connecting to a different hacker-controlled server in 2020. The antivirus company has also mentioned that the Chinese antivirus vendor Qihoo 360 uncovered an early variant of CosmicStrand back in 2017 that affected an Asus B85M motherboard.
Moreover, Kaspersky added that initially, Qihoo’s report hinted that the buyer probably received a “backdoored motherboard after placing an order at a second-hand reseller.” However, Kaspersky wasn’t able to confirm the information.
Author: Sandra Barnes
Last Updated: 1702818004