If there’s one thing we all have in common when it comes to malware, it’s that nobody likes it. But many people choose not to keep an antivirus on their PCs and simply rely on the old method of reinstalling the operating system once too much pesky, unwanted software has piled up. We have some bad news for those folks.
There’s at least one type of malware out there that’s able to cling to your computer even after you reinstall the operating system.
Watch out for MoonBounce!
MoonBounce is the terrible malware in question. According to Kaspersky, the famous Russian antivirus company, it was discovered in 2021 while it was hiding in a computer. As of now, it has been found infecting another person’s computer.
If you don’t want to be forced to deal with MoonBounce, the malware capable of bypassing operating system reinstallation, Kaspersky recommends you keep the UEFI firmware updated, and you can do that through BIOS updates from the manufacturer of your motherboard.
As for how MoonBounce can evade detection so well, even after the operating system is reinstalled, Kaspersky is crystal clear on its website:
Dubbed MoonBounce, this malicious implant is hidden within Unified Extensible Firmware Interface (UEFI) firmware, an essential part of computers, in the SPI flash, a storage component external to the hard drive. Such implants are notoriously difficult to remove and are of limited visibility to security products.
The same source wrote:
What’s more, because the code is located outside of the hard drive, such bootkits’ activity goes virtually undetected by most security solutions unless they have a feature that specifically scans this part of the device.
MoonBounce is capable of retrieving additional malware payloads for installation on the computers of the victims. MoonBounce is very stealthy and tricky since it can use a previously benign core component in the firmware of the motherboard to facilitate the deployment of malware.