
Hacking Team Using UEFI BIOS Rootkit to Keep Their Malware on Systems

Hacking Team is now selling its surveillance system, Galileo. The software is said to be able to compromise any mobile operating system, including iOS, Windows Phone, Android, Symbian and BlackBerry. There have also been reports that it can affect Windows, OS X and Linux. Through a clever rootkit, the malware reportedly remains on your computer even after you have reinstalled the operating system: the surveillance system checks whether its agent is present on the device and, if it is not, reinfects it. So it seems that once a machine is infected with this malware, it is next to impossible to get rid of it, making this one of the most dangerous infections there is.


Infection Only Transferred Through Physical Access.

The good news is that physical access to the device is needed for the initial infection, so the chances of ordinary users getting infected do not seem great right now. Three files need to be transferred onto the device for it to become infected. The first is Ntfs.mod, whose purpose is to read and write NTFS files. The second is dropper.mod, which drops the file scout.exe onto the computer if it is not already present; on Windows, at least, that file is placed in the Startup folder. The third is Rkloader.mod, which links the rootkit to UEFI events and reboots.
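As an added example (not part of the article and not Hacking Team's or anyone else's code), the following Python script shows the kind of first-pass check a defender could run over a raw firmware dump for the module names the article lists. It assumes a dump of the firmware flash is available as a byte string, and that module names appear either as plain ASCII or, as is usual for the user-interface sections of UEFI firmware files, as UTF-16LE strings; the sample image it scans is constructed inline and is not a real firmware image.

```python
# Added example: scan a raw UEFI firmware dump for the module names the article
# attributes to the Hacking Team rootkit. Each name is searched in both ASCII
# and UTF-16LE (the encoding UEFI uses for file names in UI sections).
# The firmware blob below is constructed for the example, not a real dump.

# Module names as given in the article; matching is case-insensitive because
# they are reported with inconsistent capitalisation.
SUSPICIOUS_MODULES = ("Ntfs.mod", "dropper.mod", "Rkloader.mod", "scout.exe")

ENCODINGS = ("ascii", "utf-16-le")


def find_all(haystack: bytes, needle: bytes):
    """Yield every offset at which needle occurs in haystack (overlaps allowed)."""
    start = 0
    while True:
        idx = haystack.find(needle, start)
        if idx < 0:
            return
        yield idx
        start = idx + 1


def scan_firmware(image: bytes, names=SUSPICIOUS_MODULES):
    """Return a sorted list of (offset, name, encoding) hits found in the image."""
    # bytes.lower() only touches ASCII letters, so the NUL bytes that separate
    # UTF-16LE characters survive and the UTF-16LE needles still match.
    lowered = image.lower()
    hits = []
    for name in names:
        for encoding in ENCODINGS:
            needle = name.lower().encode(encoding)
            for offset in find_all(lowered, needle):
                hits.append((offset, name, encoding))
    return sorted(hits)


def build_sample_image() -> bytes:
    """Constructed firmware-like blob: padding, a fake volume header, two of the
    listed module names (one UTF-16LE, one ASCII) and one benign name."""
    blob = bytearray(b"\xff" * 64)                       # erased-flash padding
    blob += b"_FVH" + b"\x00" * 12                        # mimic a volume header signature
    blob += "rkloader.mod".encode("utf-16-le") + b"\x00\x00"  # UI-section style name
    blob += b"\xff" * 32
    blob += b"Ntfs.mod\x00"                                # ASCII variant
    blob += b"\xff" * 32
    blob += "BootManager.efi".encode("utf-16-le") + b"\x00\x00"  # benign module name
    return bytes(blob)


if __name__ == "__main__":
    for offset, name, encoding in scan_firmware(build_sample_image()):
        print(f"0x{offset:08x}  {name:<14} ({encoding})")
```

A hit only means the name string is present somewhere in the image and should trigger closer inspection with a proper UEFI image parser; the absence of hits proves nothing, because many firmware volumes keep their modules in compressed sections that a plain string search cannot see through.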

Galileo Transmits Any and All Data.

If this malware does somehow get onto your device, it will be able to surreptitiously transfer your text messages, browsing history and emails. It will also be able to access your microphone and camera and record constantly. Hacking Team even claims that, although the malware is running all the time, it will not affect the performance of the device, which makes it highly unlikely that users will discover Galileo on their own.

The Remote Control System Is Not for Private Users.

As we have already established, physical access is needed to install the malware. One of your friends is hardly going to infect you, and handing your phone or laptop to a stranger is unlikely. This is why Hacking Team offers its system only to governments. Government agencies can get hold of your devices when you pass through an airport, or when they have seized your property, for instance, and then it is not hard for them to install the surveillance system. For now, its intended clients are the governments of developing countries such as Morocco, Sudan, Mexico, the UAE, Malaysia, Kazakhstan, etc.

Currently, Galileo works with AMI BIOS and Insyde BIOS images, which are used in laptops and desktop PCs sold by Lenovo, HP and Dell. However, Hacking Team has offered support to customers who find that the system is not compatible with some other BIOS image.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyber space. Her fascination with IT security began a few years ago when a piece of malware locked her out of her own computer.
