
MoonBounce Malware

Back in spring 2021, a new UEFI implant threat emerged as part of a highly targeted attack. An analysis of the attack and of the threat, tracked as MoonBounce, was released in a report published by Securelist. The researchers discovered that the infection involved the modification of a single component of the targeted computer system's firmware image.

By doing so, the attackers were then able to intercept the intended execution flow of the device's boot sequence and instead initiate an advanced infection chain. Although not conclusive, multiple factors point towards MoonBounce being connected to the APT (Advanced Persistent Threat) group APT41, which is believed to have ties to China.

MoonBounce Details

The MoonBounce threat is especially stealthy because it resides in the SPI flash of the infected device. SPI stands for Serial Peripheral Interface, a serial protocol used for communication between a host and peripheral devices such as serial flash chips. As a result, the MoonBounce implant never needs to exist on the system's hard drive at all.

Furthermore, it persists across disk reformatting and even disk replacement. The infection chain as a whole leaves few traces behind, as it runs completely filelessly and entirely in memory. The main purpose of the MoonBounce threat is to enable the delivery of user-mode malware, which in turn is tasked with deploying additional next-stage payloads fetched from the Internet.
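Because the implant lives in SPI flash rather than on disk, a disk-level scan cannot find it; the practical check is to dump the flash and compare it against a known-good image of the same part. The following is an added example, not code from the Securelist report or from any MoonBounce analysis: it locates UEFI firmware volumes by their `_FVH` header signature, diffs a suspect dump against a golden image, and attributes each modified byte range to the volume containing it. The two images are constructed here for illustration, and the 0x48-byte volume header is a minimal stand-in rather than a real firmware header.

```python
import struct
# EFI_FIRMWARE_VOLUME_HEADER layout (UEFI PI spec): FvLength is a UINT64 at
# offset 0x20 and the ASCII signature "_FVH" sits at offset 0x28 of the header.
FVH_SIGNATURE, FVH_SIG_OFFSET, FVH_LENGTH_OFFSET = b"_FVH", 0x28, 0x20

def find_firmware_volumes(image: bytes) -> list[tuple[int, int]]:
    """Return (start, length) of each firmware volume found by scanning for _FVH."""
    volumes, pos = [], image.find(FVH_SIGNATURE)
    while pos != -1:
        start = pos - FVH_SIG_OFFSET
        if start >= 0:
            (length,) = struct.unpack_from("<Q", image, start + FVH_LENGTH_OFFSET)
            if 0 < length <= len(image) - start:  # reject stray signature hits
                volumes.append((start, length))
        pos = image.find(FVH_SIGNATURE, pos + 1)
    return volumes

def diff_ranges(golden: bytes, suspect: bytes) -> list[tuple[int, int]]:
    """Return [start, end) byte ranges where the suspect dump differs from the golden image."""
    if len(golden) != len(suspect):
        raise ValueError("image sizes differ; compare dumps of the same flash part")
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(golden, suspect)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(golden)))
    return ranges

def attribute_changes(golden: bytes, suspect: bytes) -> list[tuple]:
    """Map each modified range to the firmware volume (from the golden image) that holds it."""
    volumes, report = find_firmware_volumes(golden), []
    for s, e in diff_ranges(golden, suspect):
        fv = next((v for v in volumes if v[0] <= s < v[0] + v[1]), None)
        report.append((s, e, fv))  # fv is None when the change lies outside any volume
    return report

# --- constructed sample images (not real firmware): two minimal volumes in a 4 KiB dump ---
def build_fv(length: int, fill: bytes) -> bytes:
    header = bytearray(0x48)  # zero vector, GUID etc. left zero; only FvLength and signature are set
    struct.pack_into("<Q", header, FVH_LENGTH_OFFSET, length)
    header[FVH_SIG_OFFSET:FVH_SIG_OFFSET + 4] = FVH_SIGNATURE
    return bytes(header) + fill * (length - len(header))

GOLDEN_IMAGE = b"\xff" * 256 + build_fv(1024, b"\x11") + build_fv(2048, b"\x22") + b"\xff" * 768
# Simulate a single-component modification: 16 bytes overwritten inside the second volume.
SUSPECT_IMAGE = GOLDEN_IMAGE[:1880] + b"\x41" * 16 + GOLDEN_IMAGE[1896:]
```

Running `attribute_changes(GOLDEN_IMAGE, SUSPECT_IMAGE)` reports the modified range 0x758-0x768 inside the volume starting at 0x500; on a real dump, any reported range is the region to extract and analyse.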
