In just the last two months, the cybercriminal-controlled botnet known as TrickBot has become, by some measures, public enemy number one for the cybersecurity community. It’s survived takedown attempts by Microsoft, a supergroup of security firms, and even US Cyber Command. Now it appears the hackers behind TrickBot are trying a new technique to infect the deepest recesses of infected machines, reaching beyond their operating systems and into their firmware.
Security firms AdvIntel and Eclypsium today revealed that they’ve spotted a new component of the trojan that TrickBot hackers use to infect machines. The previously undiscovered module checks victim computers for vulnerabilities that would allow the hackers to plant a backdoor in deep-seated code known as the Unified Extensible Firmware Interface, which is responsible for loading a device’s operating system when it boots up. Because the UEFI sits on a chip on the computer’s motherboard outside of its hard drive,