
UEFI images that could be used for malware transport

Russian security firm Kaspersky claims to have found a number of suspicious UEFI images, based on the leaked source code of the Italian firm Hacking Team, containing a malicious implant that could be used to place a malicious update on a Windows system.

The images placed a file called IntelUpdate.exe in the victim’s Windows Startup folder.

Researchers Mark Lechtik, Igor Kuznetsov and Yury Parshin said in a detailed blog post that this was the second time that malicious UEFI firmware being used by a threat actor had been found in the wild.

Back in September 2018, researchers at the Slovakian security firm ESET discovered a UEFI rootkit in the wild.

Hacking Team, a company that used to sell surveillance and hacking software to governments worldwide, was broken into in July 2015.

A man who called himself Phineas Fisher claimed to be behind the act, saying he had done it to punish the company and its customers, as they had often been caught using Hacking Team’s wares to spy on dissidents and human rights activists.

Kaspersky said the malicious images had been found by using Firmware Scanner, which it has been using in its products since the beginning of 2019.

— source itwire.com | 06 Oct 2020
