This malware is able to survive even if you reinstall Windows

Malware developers are always looking for alternative ways to infiltrate their victims’ computers. It is therefore not surprising that Kaspersky has detected malware capable of surviving a Windows reinstall or a hard drive replacement.

How does it do it? By lodging itself in the motherboard firmware of infected PCs. According to the computer security firm, the malware in question is called CosmicStrand, and traces have been detected that would link its authorship to Chinese hackers. By infecting a motherboard’s UEFI, the rootkit is capable of executing malicious processes from the moment the operating system boots.

This represents a great danger for the affected computers, since it means the malware can connect to a server controlled by cybercriminals and install more malicious components behind the users’ backs.

The “good news” is that the detected cases seem to be concentrated in very specific territories and, for now, far from the West. Kaspersky mentions that so far it has only been found on computers in Russia, China, Iran and Vietnam. The other notable point is that the infections have been recorded on computers with components that are not the latest generation: specifically, Gigabyte and ASUS motherboards with the H81 chipset.

How did affected PCs get infected by this malware?

According to Kaspersky’s analysis, the computers infected by CosmicStrand belonged to private users, not companies or organizations. But what is truly striking is that there are no details on how the malware may have reached these computers. Still, the researchers are following up on a couple of pretty strong leads.

