UEFI rootkit malware

Email
Comment *
File	Select/drop/paste files here
Password	(Randomized for file and post deletion; you may also set your own.)
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

Comment *

File

Select/drop/paste files here

Password

(Randomized for file and post deletion; you may also set your own.)

* = required field

[▶ Show post options & limits]
Confused? See the FAQ.

Flag
Oekaki	Show oekaki applet (replaces files and can be used instead)
Options	Do not bump (you can also write sage in the email field) Spoiler images (this replaces the thumbnails of your images with question marks)
Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf Max filesize is 16 MB. Max image dimensions are 15000 x 15000. You may upload 3 per post.

Flag

Oekaki

Show oekaki applet
(replaces files and can be used instead)

Options

Do not bump
(you can also write sage in the email field)

Spoiler images
(this replaces the thumbnails of your images with question marks)

Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf
Max filesize is 16 MB.
Max image dimensions are 15000 x 15000.
You may upload 3 per post.

File (hide): 7f49e206d4da8b5⋯.png (26.85 KB, 728x533, 56:41, LoJax-UEFI-rootkit-malware.png) (h) (u)

[–]

▶UEFI rootkit malware Anonymous 09/28/18 (Fri) 22:24:03 No.979189>>979290 [Watch Thread][Show All Posts]

https://thehackernews.com/2018/09/uefi-rootkit-malware.html

>First spotted in early 2017, LoJax is a trojaned version of a popular legitimate LoJack laptop anti-theft software from Absolute Software, which installs its agent into the system's BIOS to survive OS re-installation or drive replacement and notifies device owner of its location in case the laptop gets stolen.

>According to researchers, the hackers slightly modified the LoJack software to gain its ability to overwrite UEFI module and changed the background process that communicates with Absolute Software's server to report to Fancy Bear's C&C servers.

>Upon analyzing the LoJax sample, researchers found that the threat actors used a component called "ReWriter_binary" to rewrite vulnerable UEFI chips, replacing the vendor code with their malicious one

It's on baby!

▶Anonymous 09/28/18 (Fri) 22:28:44 No.979195

Does this mean.. we can finally kill CompuTrace?!

▶Anonymous 09/28/18 (Fri) 22:32:50 No.979197

>popular legitimate LoJack laptop anti-theft software

This type of software is also an issue with older thinkpads, you needed to install a special custom BIOS to disable it. Nowadays there's also the option of using Coreboot and Libreboot to remove it.

While I don't like UEFI to the extent that I won't buy any hardware that has it this is nothing new.

▶Anonymous 09/28/18 (Fri) 23:11:16 No.979211

So does this mean we could use software to install core/libreboot on newer devices?

▶Anonymous 09/28/18 (Fri) 23:21:01 No.979215

File (hide): abdb66a7866dcea⋯.pdf (2.15 MB, ESET-LoJax.pdf) (h) (u)