
The Times of India describes how this malware is targeting older Asus and Gigabyte motherboards



    Antivirus company Kaspersky has recently discovered a “malware strain” that can “survive OS reinstalls” and has been “infiltrating older motherboards from Asus and Gigabyte.” According to a report by PCMag, the malware named CosmicStrand is designed to target the UEFI (Unified Extensible Firmware Interface) of these motherboards, which allows it to survive on a Windows system even after the storage drive has been removed.

    The report suggests that Kaspersky not only discovered the malware but also stated that CosmicStrand was being circulated on Windows machines in countries such as China, Vietnam, Iran and Russia. Moreover, the company also claimed that all the victims are likely to be private individuals as they were using Kaspersky’s free antivirus software.
    How CosmicStrand is affecting Asus and Gigabyte motherboards
    As per Kaspersky’s research, CosmicStrand malware was discovered on firmware images for older Asus and Gigabyte motherboards that used the H81 chipset. Intel introduced these chipsets in 2013; they have since been discontinued.
    Because CosmicStrand infects the motherboard's UEFI, it is capable of executing “malicious processes” from the moment the PC boots up. Eventually, the malware makes the machine retrieve a malicious component from a hacker-controlled server and installs it inside the Windows OS.

    Kaspersky has stated that it was unable to “obtain a copy of data coming from the C2 (command and control) server.” However, the company got hold of some evidence that the makers of CosmicStrand were trying to remotely take over the infected systems.
    How is CosmicStrand being spread
    Kaspersky also couldn't confirm how CosmicStrand was being introduced on the victims' computers. However, the report suggests that it might either have arrived via another malware strain that was already present on the system, or hackers might have gained physical access to the hardware.

    The company explains, “Looking at the various firmware images we were able to obtain, we assess that the modifications may have been performed with an automated patcher. If so, it would follow that the attackers had prior access to the victim’s computer to extract, modify and overwrite the motherboard’s firmware.”
    How CosmicStrand has been hiding for so long
    As per the report, CosmicStrand is not the first UEFI-based malware as the antivirus industry has uncovered many other strains over the years. However, CosmicStrand has managed to hide for several years.
    According to Kaspersky’s research, one sample of the malware was first spotted communicating with a hacker-controlled server in December 2016. Another sample was found connecting to a different hacker-controlled server in 2020. The antivirus company has also mentioned that the Chinese antivirus vendor Qihoo 360 uncovered an early variant of CosmicStrand back in 2017 that affected an Asus B85M motherboard.
    Moreover, Kaspersky added that initially, Qihoo’s report hinted that the buyer probably received a “backdoored motherboard after placing an order at a second-hand reseller.” However, Kaspersky wasn’t able to confirm the information.


    Article information

    Author: Sandra Barnes

    Last Updated: 1702818004
