TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system.
The new functionality, dubbed “TrickBoot” by Advanced Intelligence (AdvIntel) and Eclypsium, makes use of readily available tools to check devices for well-known vulnerabilities that can allow attackers to inject malicious code in the UEFI/BIOS firmware of a device, granting the attackers an effective mechanism of persistent malware storage.
“This marks a significant step in the evolution of TrickBot as UEFI level implants are the deepest, most powerful, and stealthy form of bootkits,” the researchers said.
“By adding the ability to canvas victim devices for specific UEFI/BIOS firmware vulnerabilities, TrickBot actors are able to target specific victims with firmware-level persistence that survives re-imaging or even device bricking capability.”
UEFI is a firmware interface and a replacement for BIOS that improves security, ensuring that no malware has tampered with the boot process. Because UEFI facilitates the loading of the operating system…