"Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit"

The Glupteba botnet uses a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, increasing the sophistication of the malware. According to Palo Alto Networks' Unit 42 researchers, this bootkit can interfere with and control the operating system boot process, allowing Glupteba to hide and create a stealthy persistence that is difficult to detect and remove. Glupteba is an information stealer and backdoor that can facilitate illicit cryptocurrency mining and launch proxy components on infected hosts. It is also known to use the Bitcoin blockchain as a backup Command-and-Control (C2) system, thus making it more resistant to attempts to take it down. Other functions include delivering additional payloads, siphoning credit card data, committing ad fraud, exploiting routers to gain remote administrative access, and more. This article continues to discuss new findings regarding the Glupteba botnet.

THN reports "Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit"

Submitted by grigby1