Date: 2021-10-07

A gap in UEFI technology, which was created to improve compatibility with different software and solve BIOS-related issues, may have been in use for almost 10 years in espionage operations. That is what the discovery of ESPecter indicates: malware able to record keystrokes and steal documents, which starts working even before the protections present in operating systems such as Windows.

It is through this mechanism that the malware is able to persist across reboots and protection mechanisms. According to the ESET experts responsible for the discovery, the vulnerability lets attackers gain control over the operating system’s boot process and run their own drivers that bypass, for example, Windows scanning systems and other software and hardware tools that ensure protection during such tasks. According to the experts’ warning, ESPecter was found on a compromised machine and has development records dating back to 2012, indicating that the current version, which compromises UEFI platforms, is already an evolution of previous versions, which also targeted legacy BIOSes. In all cases, two DLL files run directly on Windows, giving criminals remote control and the possibility of downloading new malware.

In addition to handling documents and recorded data, contact with the server also allows the malware to send information about the system itself, as well as changes to the settings and even to the registry of the operating system. The screen can be monitored through screenshots while, in a capability available only on the Vista version of Windows, the computer can be rebooted or turned off remotely.

In the study, experts point out that, in carrying out the attacks, the criminals were able to turn off the operating system’s Secure Boot, either through physical access to the device or through poor system configuration by the user. ESET is also studying the possibility that the opening may come from loopholes in UEFI technology, whether known flaws in non-updated systems or zero-day vulnerabilities.

Despite this destructive and even mysterious potential, researchers point out that evidence of actual use of openings of this type is rare, both in the case of ESPecter and of other similar threats. They are usually tied to criminal gangs linked to government entities, hence also the idea that their emergence is related to espionage operations and not necessarily to attacks against ordinary users.

It is, on the other hand, a demonstration of sophistication and of the bad guys’ search for increasingly persistent threats. While specific mitigations are not yet available, ESET points to applying software and hardware updates, as well as using secure boot technologies and account and permission management, as good ways to protect against this type of attack.

