Hacking Team Using UEFI BIOS Rootkit to Keep Their Malware on Systems

Hacking Team sells its Remote Control System surveillance suite under the name Galileo. The software is said to be able to compromise every major mobile platform, including iOS, Windows Phone, Android, Symbian and BlackBerry, and there have been reports that it can also target Windows, OS X and Linux. Through a UEFI BIOS rootkit, the malware can remain on a computer even after the operating system has been reinstalled: at boot, the rootkit checks whether its agent is present on the system and, if it is not, reinstalls it. Once a machine is infected, removing the malware by ordinary means (wiping the disk, reinstalling Windows) does not help, which makes this one of the most dangerous infections there is.


Infection Only Transferred Through Physical Access.

The good news is that physical access to the device is needed for the initial infection, so the chances of ordinary users being infected do not seem great right now. Three modules are written into the UEFI firmware for the machine to become infected. Ntfs.mod reads and writes NTFS files, which lets the firmware-level code reach into the Windows file system. Dropper.mod drops scout.exe onto the computer if it is not already present; on Windows, at least, that file has been found in the Startup folder. Rkloader.mod ties the other two to UEFI boot events, so the dropper runs again on every reboot and the agent is reinstalled whenever it is missing.
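One check a practitioner can run on a firmware dump, added here as an example and not code from the article or from Hacking Team: search the image for the three module names reported above. UEFI firmware frequently stores strings as UCS-2/UTF-16LE, so a plain ASCII grep can miss them; the scanner below looks for both ASCII and UTF-16LE spellings, case-insensitively, and reports the offset of each hit. The sample image is constructed inside the script (filler bytes with two planted names) and is not a real dump; the module names are the ones the article reports.

```python
"""Scan a UEFI firmware dump for the module names attributed to the
Hacking Team rootkit (Ntfs.mod, Rkloader.mod, dropper.mod).

Added example; the names come from the article, the sample data is constructed.
"""
import re
import sys
from typing import Any, List, Tuple

# Module names reported for the rootkit (from the article).
SUSPECT_NAMES = ["Ntfs.mod", "Rkloader.mod", "dropper.mod"]

# UEFI stores many strings as UTF-16LE, so each name is searched for in
# both encodings. IGNORECASE on a bytes pattern folds ASCII letters only,
# which is exactly what these names need.
ENCODINGS = ("ascii", "utf-16le")


def build_patterns(names: List[str] = SUSPECT_NAMES) -> List[Tuple[str, str, Any]]:
    """Compile one case-insensitive bytes regex per (name, encoding)."""
    patterns = []
    for name in names:
        for enc in ENCODINGS:
            needle = re.escape(name.encode(enc))  # escapes the '.' in '.mod'
            patterns.append((name, enc, re.compile(needle, re.IGNORECASE)))
    return patterns


def scan_firmware(blob: bytes, names: List[str] = SUSPECT_NAMES) -> List[Tuple[str, str, int]]:
    """Return (name, encoding, offset) for every occurrence, sorted by offset."""
    hits = []
    for name, enc, pattern in build_patterns(names):
        for match in pattern.finditer(blob):
            hits.append((name, enc, match.start()))
    return sorted(hits, key=lambda hit: hit[2])


def verdict(hits: List[Tuple[str, str, int]], names: List[str] = SUSPECT_NAMES) -> str:
    """Summarise which of the suspect names were seen at least once."""
    seen = {name for name, _, _ in hits}
    missing = [n for n in names if n not in seen]
    if not seen:
        return "no suspect module names found"
    if not missing:
        return "all %d suspect module names found: inspect firmware image" % len(names)
    return "partial match (%s); compare dump against vendor image" % ", ".join(sorted(seen))


def make_sample_image() -> bytes:
    """Constructed test data, not a real firmware dump.

    1024 bytes of filler (0x00..0xff repeated, which never spells a name),
    then 'rkloader.mod' in lower-case UTF-16LE, filler, 'Ntfs.mod' in ASCII,
    filler. Offsets: UTF-16LE name at 1024, ASCII name at 2072.
    """
    filler = bytes(range(256)) * 4
    return (filler
            + "rkloader.mod".encode("utf-16le")
            + filler
            + b"Ntfs.mod"
            + filler)


def scan_file(path: str) -> List[Tuple[str, str, int]]:
    """Scan a firmware dump on disk (SPI flash images are small enough to read whole)."""
    with open(path, "rb") as fh:
        return scan_firmware(fh.read())


if __name__ == "__main__":
    # With no argument, run against the constructed sample image.
    found = scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan_firmware(make_sample_image())
    for name, enc, offset in found:
        print("%-13s %-9s offset 0x%x" % (name, enc, offset))
    print(verdict(found))
```

Obtaining the dump itself (for example with flashrom, or CHIPSEC's `chipsec_util spi dump`) is outside the script. A hit is a reason to compare the dump byte-for-byte against the vendor's firmware image, not proof of infection; a clean vendor image could legitimately contain an NTFS driver, and a rootkit could just as easily rename its modules.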

Galileo Transmits Any and All Data.

If this malware does make it onto a device, it can surreptitiously exfiltrate text messages, browsing history and e-mails. It can also access the microphone and camera and record continuously. Hacking Team even claims that, although the malware runs constantly, it does not affect the device's performance, which makes it unlikely that users will notice Galileo on their own.

The Remote Control System Is Not for Private Users.

As we have already established, physical access is needed to install the malware. A friend is unlikely to infect you, and handing your phone or laptop to a stranger is not something most people do. This is why Hacking Team offers its system only to governments: government agencies can get hold of your devices when you pass through an airport, or when they have seized your property, and then it is not hard for them to install the surveillance system. For now, its intended clients are governments of developing countries such as Morocco, Sudan, Mexico, the UAE, Malaysia and Kazakhstan.

Currently, Galileo works with AMI BIOS and Insyde BIOS images, which are used in laptops and desktop PCs sold by Lenovo, HP and Dell. However, Hacking Team has offered support to customers who find that the system is not compatible with a particular BIOS image. Because the implant lives in the firmware rather than on disk, reinstalling Windows or replacing the drive does not remove it; the only reliable remedy is to reflash the system with a clean firmware image from the vendor.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a safer cyberspace. Her fascination with IT security began a few years ago, when a piece of malware locked her out of her own computer.
