MoonBounce Malware Can Survive Computer Antivirus, Says Kaspersky; Chinese-Linked Espionage Group Believed To Be Behind it

Kaspersky's cybersecurity researchers recently spotted a new breed of malware that can bypass normal security protections such as antivirus software.

According to the experts, it cannot be removed easily, even by formatting or replacing the drive. The finding also attributes the threat to APT41, a Chinese-linked espionage group believed to be sponsored by the government.

How Dangerous is MoonBounce Malware

(Photo: Ed Hardie from Unsplash) Kaspersky's team discovered a unique type of malware that is potentially linked to a Chinese state-sponsored espionage group. How dangerous is MoonBounce?

According to a report by FossBytes, what sets MoonBounce apart is its ability to reside in the motherboard's SPI flash memory.

Unlike most malware, which lives on the hard drive, it remains on the computer even after the hard drive is replaced. Likewise, reinstalling the operating system does nothing to erase it.

Kaspersky stated that there is only one way to get rid of this software. Since it is classed as a bootkit, it can only be removed by a complex procedure: re-flashing the SPI memory.

Another, costlier solution that removes it entirely is replacing the PC's motherboard.
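Because the implant lives in SPI flash rather than on disk, the practical way to confirm a machine is clean (before or after re-flashing) is to compare a dump of the flash against a trusted baseline image of the same part. The script below is an added example, not Kaspersky's or Tech Times' code: it assumes the defender already holds two raw SPI dumps and reports which erase-size blocks differ, so an analyst knows where to look. The 4 KiB block size and the sample images are constructed for the example.

```python
"""Block-level comparison of a dumped SPI flash image against a golden image.

Added example (not Kaspersky's or Tech Times' code). It assumes the defender
already holds two raw SPI flash dumps of the same part: a trusted baseline
and the image read back from a suspect machine. The sample images below are
constructed in-line so the script runs offline.
"""
import hashlib

BLOCK_SIZE = 4096  # 4 KiB: a common SPI flash erase-block size (assumed here)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an image, for whole-image comparison and logging."""
    return hashlib.sha256(data).hexdigest()


def diff_blocks(golden: bytes, current: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Return [(block_index, byte_offset), ...] for every block that differs.

    A size mismatch is itself suspicious (wrong part, truncated read, or an
    image padded by an attacker), so it is reported as a single entry with
    index -1 at the offset where the shorter image ends, instead of
    silently comparing only the overlapping prefix.
    """
    if len(golden) != len(current):
        return [(-1, min(len(golden), len(current)))]
    changed = []
    for offset in range(0, len(golden), block_size):
        if golden[offset:offset + block_size] != current[offset:offset + block_size]:
            changed.append((offset // block_size, offset))
    return changed


def first_changed_bytes(golden: bytes, current: bytes, offset: int, limit: int = 16) -> list:
    """Absolute offsets of the first `limit` differing bytes inside the block at `offset`."""
    end = min(len(golden), len(current), offset + BLOCK_SIZE)
    return [i for i in range(offset, end) if golden[i] != current[i]][:limit]


def summarize(golden: bytes, current: bytes) -> dict:
    """Whole-image verdict plus the changed regions an analyst would inspect next."""
    changed = diff_blocks(golden, current)
    return {
        "matches": not changed,
        "golden_sha256": sha256_hex(golden),
        "current_sha256": sha256_hex(current),
        "changed_blocks": changed,
    }


def build_sample_images() -> tuple:
    """Constructed 16 KiB sample pair: the 'current' image has a 4-byte patch in block 3."""
    golden = bytes(range(256)) * 64  # 16384 bytes = 4 blocks of 4 KiB
    current = bytearray(golden)
    current[3 * BLOCK_SIZE + 10:3 * BLOCK_SIZE + 14] = b"\xde\xad\xbe\xef"
    return golden, bytes(current)


if __name__ == "__main__":
    golden, current = build_sample_images()
    report = summarize(golden, current)
    print("identical" if report["matches"] else "DIFFERENT", report["changed_blocks"])
    for index, offset in report["changed_blocks"]:
        if index >= 0:
            print(f"block {index}: first differing bytes at "
                  f"{first_changed_bytes(golden, current, offset)}")
```

On a real case the two `bytes` objects would be read from dump files; the important design choice is that a length mismatch is reported rather than ignored, since a "baseline" of the wrong size proves nothing about the suspect image.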

While this was the first time that cybersecurity analysts encountered MoonBounce, other malware had previously lived in the motherboard's SPI memory. These include MosaicRegressor, ESPecter, UEFI bootkit, and LoJax.

The Kaspersky researchers said that a threat like this is hard to deal with at first because it appears unachievable. As time passes, however, researchers grow used to it and it becomes part of the norm.

Chinese Government-Sponsored Group Behind MoonBounce Malware

According to Kaspersky, in another report by TechRadar on Monday, Jan. 24, the newly discovered malware is built for multi-stage attacks, serving as the first-stage component.

The threat can also be used to infect further systems, with one device or a group of devices used to carry out attacks. Those machines then become delivery points for ransomware, remote code files, and data harvesters.

Despite its rarity, MoonBounce is believed to be under the control of an espionage group called APT41. This crew is allegedly linked to the Chinese government.

Kaspersky said that the second-stage malware and MoonBounce were found on the same device, and that they communicated with the same server infrastructure from which APT41 operated.

As of press time, the Russian antivirus provider had not yet determined how MoonBounce got onto the affected devices.

"As a safety measure against this attack and similar ones, it is recommended to update the UEFI firmware regularly and verify that BootGuard, where applicable, is enabled. Likewise, enabling Trust Platform Modules, in case corresponding hardware is supported on the machine, is also advisable," Kaspersky said.
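Two of the three recommendations in that statement can be verified from a running Linux host: whether UEFI Secure Boot is on, and whether the kernel sees a TPM. The script below is an added example, not Kaspersky's or Tech Times' code. It reads the standard efivarfs and sysfs locations; the `root` parameter and the `build_sample_tree` helper are assumptions added so the checks can be exercised against a constructed directory tree. Boot Guard state is not exposed through these files and is not checked here.

```python
"""Check UEFI Secure Boot state and TPM presence on a Linux host.

Added example, not Kaspersky's or Tech Times' code. It reads the standard
efivarfs and sysfs locations; `root` is a parameter so the same logic can be
run against a constructed directory tree. Boot Guard status is not exposed
through these files and is not checked here.
"""
import os
import struct
import tempfile

# SecureBoot variable under the EFI global variable GUID, as exposed by efivarfs.
SECUREBOOT_VAR = "sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
TPM_CLASS_DIR = "sys/class/tpm"


def secure_boot_state(root: str = "/") -> str:
    """Return 'enabled', 'disabled' or 'unknown' (no efivars: legacy BIOS or not mounted)."""
    try:
        with open(os.path.join(root, SECUREBOOT_VAR), "rb") as fh:
            data = fh.read()
    except OSError:
        return "unknown"
    # efivarfs prefixes the variable data with a 4-byte little-endian
    # attribute word; SecureBoot itself is a single byte (1 = enabled).
    if len(data) < 5:
        return "unknown"
    (value,) = struct.unpack_from("<B", data, 4)
    return "enabled" if value == 1 else "disabled"


def tpm_devices(root: str = "/") -> list:
    """TPM devices the kernel exposes (tpm0, ...), ignoring the tpmrm* resource-manager nodes."""
    try:
        names = os.listdir(os.path.join(root, TPM_CLASS_DIR))
    except OSError:
        return []
    return sorted(n for n in names if n.startswith("tpm") and not n.startswith("tpmrm"))


def firmware_posture(root: str = "/") -> dict:
    """Collect both checks and list what a defender would want to fix."""
    state = secure_boot_state(root)
    tpms = tpm_devices(root)
    findings = []
    if state != "enabled":
        findings.append(f"Secure Boot is {state}")
    if not tpms:
        findings.append("no TPM exposed by the kernel")
    return {"secure_boot": state, "tpm_devices": tpms, "findings": findings}


def build_sample_tree(secure_boot: bool, with_tpm: bool) -> str:
    """Constructed fake sysfs/efivarfs tree for offline runs; returns its root path."""
    root = tempfile.mkdtemp(prefix="posture-")
    var_path = os.path.join(root, SECUREBOOT_VAR)
    os.makedirs(os.path.dirname(var_path))
    with open(var_path, "wb") as fh:
        # attribute word (BS|RT = 0x06) followed by the one-byte value
        fh.write(struct.pack("<IB", 0x6, 1 if secure_boot else 0))
    if with_tpm:
        os.makedirs(os.path.join(root, TPM_CLASS_DIR, "tpm0"))
        os.makedirs(os.path.join(root, TPM_CLASS_DIR, "tpmrm0"))
    return root


if __name__ == "__main__":
    # Against the live system; efivarfs is normally mounted at /sys/firmware/efi/efivars.
    print(firmware_posture("/"))
```

An "unknown" Secure Boot result is worth following up rather than treating as a pass: it means the host booted in legacy BIOS mode or efivarfs is not mounted, and in neither case is the boot chain being verified.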

Chinese Hackers Are Everywhere

In connection with this article, Tech Times reported in September 2021 that the SideWalk malware was found to be connected to Grayfly, a known Chinese spy group.

Slovakian cybersecurity company ESET disclosed the details in its report, saying that this was the same group responsible for spreading the Winnti malware.

Meanwhile, the Webdav-O computer virus was found to have been used against Russian federal agencies. It resembled a known Trojan, but in a special variant dubbed "BlueTraveller," and was reportedly under the control of TaskMasters, a notorious squad of Chinese hackers.

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.