Security researchers have found a threat actor known as CosmicStrand UEFI, particularly used by the Chinese-speaking hackers.
Earlier, the alternative version of this malware was discovered by the malware investigators at Qihoo360, an internet and mobile security developer, who named it as ‘Spy Shadow Trojan’.
Accordingly, the Unified Extensible Firmware Interface (UEFI) does the work of connecting a computer’s operating system with it’s firmware of the underlying hardware (processors and memory). Typically, firmware is a computer software which offers a low-level control for a device’s specific hardware.
Consequently, if a malware is injected into the UEFI firmware image, it is very difficult to detect the malware in the system. Also, being constant in nature, this malware cannot be removed by any methods including reinstalling the operating system or by replacing the storage drive.
However, it is still unknown that how the CosmicStrand managed to get inserted into the firmware images of the targeted systems. But majorly, the researchers found this malware on the devices having ASUS and Gigabyte motherboards.
