Chinese Malware 'MoonBounce' Can Survive On Devices Even After Factory Reset
A new malware called "MoonBounce" traced to China is so dangerous that it can even survive a drive reformatting
Another day, another virus. Nope, we aren't referring to a Covid-19 mutation. Remember digital viruses that were considered the biggest threat to us before the pandemic hit? They're still a big threat. In fact, a new malware called "MoonBounce" is so dangerous that it can even survive a drive reformatting.
This is especially worrying because the usual last-resort remedy for an infected machine is a factory reset: wipe the drive and reinstall the operating system. If malware like MoonBounce can survive that last resort, it might be time to rethink how malware of the future could operate.
What is MoonBounce?
MoonBounce was discovered by researchers from Kaspersky, a global anti-virus vendor. How does MoonBounce survive a drive wipe, you wonder? It turns out the malware does not live on the hard drive at all. It is implanted in the UEFI firmware stored in the SPI flash memory chip on the motherboard, a component that reformatting the disk or reinstalling the operating system never touches.
Of course, there are remedies. According to The Record, the implant can be permanently removed by re-flashing the SPI memory with a clean firmware image, but this is a complicated process and not something a regular user can be expected to undertake. The other option is to replace the motherboard entirely, which is an added expense: motherboards cost anything between ₹4,000 and ₹50,000.
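Because the implant sits in the SPI flash rather than on the disk, the only reliable way to confirm whether a machine is affected, and to confirm that a re-flash actually restored clean firmware, is to dump the flash chip (with an external SPI programmer or a firmware tool such as CHIPSEC) and compare it block by block against the vendor's known-good image. The script below is an added example written for this article; it is not code from Kaspersky, The Record, or any MoonBounce analysis. The two images it compares are constructed byte patterns standing in for a vendor image and a dump with an implanted module, and the volatile-region offsets are an assumption about the board's flash layout: on a real system the UEFI variable store changes between boots and must be excluded, or every machine would look "infected".

```python
import hashlib
from typing import List, Sequence, Tuple

Region = Tuple[int, int]  # (offset, length) in bytes

# Constructed test data, not real firmware: a 256 KiB "vendor" image with a
# repeating byte pattern, and a copy with a 6 KiB run overwritten to mimic an
# implanted module. On a real system both images come from files you supply:
# a SPI flash dump and the vendor's published firmware update.
FLASH_SIZE = 256 * 1024
VENDOR_IMAGE = bytes(range(256)) * (FLASH_SIZE // 256)
_implanted = bytearray(VENDOR_IMAGE)
_implanted[0x2A000:0x2A000 + 0x1800] = b"\x90" * 0x1800
DUMPED_IMAGE = bytes(_implanted)

# Ranges that legitimately change between boots (e.g. the UEFI NVRAM variable
# store). The real ranges depend on the board's flash layout; this value is an
# assumption made for the constructed image above.
VOLATILE_REGIONS: List[Region] = [(0x3C000, 0x4000)]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _in_volatile(offset: int, volatile: Sequence[Region]) -> bool:
    return any(start <= offset < start + length for start, length in volatile)


def differing_regions(baseline: bytes, dump: bytes, block: int = 4096,
                      volatile: Sequence[Region] = ()) -> List[Region]:
    """Compare two flash images block by block and return the (offset, length)
    ranges where they differ. Adjacent differing blocks are merged into one
    range; blocks that start inside a known-volatile region are ignored."""
    if len(baseline) != len(dump):
        raise ValueError(f"image sizes differ: {len(baseline)} vs {len(dump)}")
    vol = list(volatile)
    regions: List[Region] = []
    start = None
    for off in range(0, len(baseline), block):
        differs = (baseline[off:off + block] != dump[off:off + block]
                   and not _in_volatile(off, vol))
        if differs and start is None:
            start = off
        elif not differs and start is not None:
            regions.append((start, off - start))
            start = None
    if start is not None:
        regions.append((start, len(baseline) - start))
    return regions


def verify_flash(baseline: bytes, dump: bytes, block: int = 4096,
                 volatile: Sequence[Region] = ()) -> dict:
    """Verdict for a dumped image against a known-good baseline: clean means no
    differences outside the volatile regions."""
    regions = differing_regions(baseline, dump, block, volatile)
    return {
        "clean": not regions,
        "baseline_sha256": sha256_hex(baseline),
        "dump_sha256": sha256_hex(dump),
        "regions": regions,
    }


def report(result: dict) -> str:
    lines = [f"baseline sha256: {result['baseline_sha256']}",
             f"dump sha256:     {result['dump_sha256']}"]
    if result["clean"]:
        lines.append("OK: dump matches baseline outside volatile regions")
    else:
        lines.append("MISMATCH: unexpected changes in flash")
        for off, length in result["regions"]:
            lines.append(f"  0x{off:06x}-0x{off + length:06x} ({length} bytes)")
    return "\n".join(lines)


if __name__ == "__main__":
    # Before re-flash: the dump with the implanted module differs from the vendor image.
    print(report(verify_flash(VENDOR_IMAGE, DUMPED_IMAGE, volatile=VOLATILE_REGIONS)))
    # After re-flash: a fresh dump should be identical to the vendor image again.
    print(report(verify_flash(VENDOR_IMAGE, VENDOR_IMAGE, volatile=VOLATILE_REGIONS)))
```

A whole-image hash alone is not enough for this check, because the variable store makes two dumps of a clean board hash differently; comparing by block and excluding the volatile ranges is what lets a real change stand out, and the reported offsets tell you which part of the firmware to pull apart next.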
MoonBounce's origins have been traced to (surprise, surprise!) China. MoonBounce is the first stage of a multi-stage attack: its operators can use the implant to later deploy stage-two malware that harvests data, executes code, and more.
According to Kaspersky, only one instance of MoonBounce has been noted so far - on a computer belonging to a transportation services company.
Who is behind MoonBounce? The researchers attribute the malware to APT41, a China-backed threat group. They found that MoonBounce and its companion stage-two malware were communicating with a server used by APT41.
References
Cimpanu, C. (2022, January 21). New MoonBounce UEFI bootkit can't be removed by replacing the hard drive. The Record by Recorded Future.