A rootkit is without doubt one of the most harmful types of malware that can infect your computer. In July 2022, Kaspersky disclosed a rootkit that specifically targets the UEFI firmware of Gigabyte and ASUS motherboards built on the Intel H81 chipset. This rootkit, known as CosmicStrand, is a severe threat because an Advanced Persistent Threat (APT) actor developed it.
Such actors are notorious for building sophisticated tooling to gain access to and control over computers and networks. Surprisingly, most known CosmicStrand infections have been found on the machines of private individuals in China, Russia, Vietnam, and Iran rather than in enterprise organizations.
What Is CosmicStrand, and What Does It Do?
CosmicStrand is a rootkit that gives attackers full control of your computer without your knowledge. Once stealthily implanted in the UEFI firmware of a Windows system, it stays invisible to conventional endpoint security, which inspects the operating system and the disk rather than the firmware itself.
Beyond that, CosmicStrand persists on the victim's system even after the Windows operating system is reinstalled or repaired, because it lives in the motherboard's flash memory rather than on disk; even replacing the hard drive does not remove it. This ability makes it very dangerous and something you cannot take lightly.
The rootkit lets the attacker do anything they want on your computer, including stealing sensitive information, installing further malware, and taking over the entire system.
How Is CosmicStrand Installed on Computers?
According to the Kaspersky researchers, the attackers implanted CosmicStrand in the victim's firmware by modifying the CSMCORE DXE driver. The modification forces the driver to run a chain of malicious code during system startup that, once Windows is up, triggers the download and installation of the CosmicStrand payload.
By analysing infected firmware images, the researchers found that the attackers modified the CSMCORE DXE driver after gaining prior access to the victim's computer and overwriting the firmware with the help of an automated patcher. This patcher redirects the entry point of the CSMCORE DXE driver to malicious code stored in the executable's .reloc section, a section that normally holds only relocation data and never code.
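The entry-point redirection described above suggests a simple triage check. The following Python script is an added example, not Kaspersky's tooling and not code from the article: it parses the PE header of a DXE driver such as CSMCORE (which you would extract from a firmware dump with a tool like UEFITool) and flags an entry point that lands inside .reloc or inside any section not marked executable. The two sample images it checks are constructed inline for the demonstration; a real module is passed as a file argument.

```python
"""Heuristic triage for a UEFI DXE driver: does the PE entry point land in .reloc?"""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section Characteristics flag


def parse_pe(data: bytes):
    """Return (entry_rva, sections) from a PE32/PE32+ image such as a DXE driver."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    table = opt + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr,
            "size": max(vsize, rawsize),
            "chars": chars,
        })
    return entry_rva, sections


def section_for_rva(sections, rva):
    """Find the section whose virtual range contains rva, or None."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + s["size"]:
            return s
    return None


def check_entry_point(data: bytes):
    """Return (entry_rva, section_name, findings); empty findings means nothing suspicious."""
    entry_rva, sections = parse_pe(data)
    sec = section_for_rva(sections, entry_rva)
    findings = []
    if sec is None:
        findings.append(f"entry point {entry_rva:#x} lies outside every section")
        return entry_rva, None, findings
    if sec["name"] == ".reloc":
        findings.append(f"entry point {entry_rva:#x} points into .reloc")
    if not sec["chars"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry point section {sec['name']} is not marked executable")
    return entry_rva, sec["name"], findings


def build_pe(entry_rva: int, sections) -> bytes:
    """Constructed sample: a minimal PE32+ header with the given entry point and sections."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x2022)
    opt = struct.pack("<HBBIIII", 0x20B, 14, 0, 0x2000, 0x200, 0, entry_rva)
    opt += b"\0" * (240 - len(opt))  # remaining optional-header fields are unused here
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, 0, 0, 0, 0, 0, chars)
        for name, vaddr, vsize, rawsize, chars in sections)
    return dos + b"PE\0\0" + coff + opt + table


# Constructed layout: (name, VirtualAddress, VirtualSize, SizeOfRawData, Characteristics)
SECTIONS = [
    (b".text", 0x1000, 0x2000, 0x2000, 0x60000020),  # CODE | EXECUTE | READ
    (b".reloc", 0x3000, 0x200, 0x200, 0x42000040),   # INITIALIZED_DATA | DISCARDABLE | READ
]
CLEAN_DRIVER = build_pe(0x1200, SECTIONS)    # entry inside .text, as a vendor driver would be
PATCHED_DRIVER = build_pe(0x3010, SECTIONS)  # entry redirected into .reloc, as described above

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            samples = {sys.argv[1]: f.read()}
    else:
        samples = {"clean sample": CLEAN_DRIVER, "patched sample": PATCHED_DRIVER}
    for label, image in samples.items():
        rva, sec, findings = check_entry_point(image)
        print(f"{label}: entry {rva:#x} in {sec}; " + ("; ".join(findings) or "no findings"))
```

A legitimate driver always enters in a code section, so any hit here deserves manual analysis of the module. A clean result does not prove the firmware is clean: an implant can hook a driver without touching its entry point, and this check never looks at the code itself.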
How Can You Protect Your System From CosmicStrand and Other Rootkits?
The best way to protect your system from CosmicStrand and other rootkits is to install a robust security solution that can detect and remove such threats. For a firmware implant that means a product that can scan the UEFI firmware itself, not only the files on disk.
You should also keep your operating system and all of your software up to date with the latest security patches. This helps close any loopholes the attackers can use to get into your system. Apply firmware (BIOS/UEFI) updates and all other critical updates only from official, trusted sources, such as the motherboard vendor's own site.
It is also essential to create regular backups of your data so that you can restore your system if it gets infected with a rootkit or any other malware.
Beyond that, it is best to follow basic security practices: do not click unknown links or attachments, do not download pirated software or content from untrustworthy websites, and do not share your personal information with anyone. This helps safeguard you from social engineering attacks.
Should You Be Worried About CosmicStrand?
As of August 2022, only a handful of CosmicStrand infections are known. However, given the sophistication of the rootkit and its ability to stay hidden, more may surface in the future. Also, so far only specific motherboards from Gigabyte and ASUS are on CosmicStrand's target list, but it is possible that other motherboard manufacturers are at risk, too.
If you have a Gigabyte or ASUS motherboard with an Intel H81 chipset, check whether your system is infected and, if the rootkit is found, take steps to remove it. Reliable removal means reflashing the firmware with a clean image from the vendor, since reinstalling Windows or replacing the disk does not remove an implant that lives in firmware. You should also install a reliable security solution to protect your system from such threats in the future.
While CosmicStrand is not a widespread threat, it is important to be aware of it and to take steps to protect your system.