BEWARE – LoJax: First UEFI Rootkit Detected
LoJax is a piece of malware capable of running remotely delivered malicious code on computers and unpatched devices.
More than eight months after researchers first detailed the malware, LoJax still continues to infect computers.
Fancy Bear (also known as Sednit), a Russian cyber-espionage group specializing in attacks classified as Advanced Persistent Threats (APTs), developed the LoJax malware. It can survive an operating system reinstall, and its unusual home in the firmware makes it incredibly tough to combat.
This makes it especially dangerous for organizations and institutions that lack protection against this kind of attack.
According to cybersecurity experts, Fancy Bear operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe.
The group is also believed to be behind the hacking of the global television network TV5Monde, the World Anti-Doping Agency (WADA) email leak, and many other attacks.
How does Lojax Malware work?
LoJax acts like a rootkit that gives attackers administrator-level access to the targeted computer or network and can alter specific Windows registry entries to stay concealed from regular antivirus software and the user.
LoJax is designed to drop malware onto the computer and ensure it is executed when the system starts up. What makes LoJax so special is that it is the first rootkit detected in the wild that directly attacks the Unified Extensible Firmware Interface (UEFI), the interface through which the computer's operating system (OS) talks to the firmware.
LoJax reaches the UEFI firmware using binaries run from the operating system, which first gather information about the hardware. From there, the attackers patch the firmware image, hide the malicious code inside it, and write the modified firmware back, all from Windows. This way the attacker can take total control of the UEFI.
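Because the modified firmware is written back, the image on the machine no longer matches what the vendor shipped, and a defender can find the difference by inventorying both. The Python below is an added example, not code from this article or from the researchers who analysed LoJax: it walks the firmware volumes of a UEFI image (header offsets follow the UEFI PI specification) and lists the FFS files a dumped image contains that the vendor's known-good image does not. The two images, their GUIDs and file bodies are constructed sample data, not real firmware.

```python
import struct
import uuid

FV_SIG = b"_FVH"                      # signature at offset 40 of every FV header
FFS_HDR = 24                          # sizeof(EFI_FFS_FILE_HEADER)
TYPES = {0x01: "RAW", 0x05: "DXE_CORE", 0x07: "DRIVER", 0x0A: "SMM", 0xF0: "PAD"}

def list_files(image):
    """Return {guid: type_name} for every FFS file in every firmware volume."""
    found, pos = {}, 0
    while (sig := image.find(FV_SIG, pos)) >= 40:
        fv = sig - 40                                       # start of FV header
        fv_len, _sig, _attr, hdr_len = struct.unpack_from("<QIIH", image, fv + 32)
        off, end = fv + hdr_len, fv + fv_len
        while off + FFS_HDR <= end:
            hdr = image[off:off + FFS_HDR]
            size = int.from_bytes(hdr[20:23], "little")     # 24-bit, incl. header
            if hdr == b"\xff" * FFS_HDR or size < FFS_HDR:  # erased flash / junk
                break
            found[str(uuid.UUID(bytes_le=hdr[:16]))] = TYPES.get(hdr[18], hex(hdr[18]))
            off = (off + size + 7) & ~7                     # files are 8-byte aligned
        pos = max(end, sig + 4)
    return found

def diff_images(known_good, dumped):
    """Files present in the dump but not in the vendor image, and vice versa."""
    good, dump = list_files(known_good), list_files(dumped)
    return ({g: t for g, t in dump.items() if g not in good},
            {g: t for g, t in good.items() if g not in dump})

# --- constructed sample images (not real firmware) -------------------------
def ffs_file(guid, ftype, body):
    size = FFS_HDR + len(body)
    hdr = (uuid.UUID(guid).bytes_le + struct.pack("<HBB", 0, ftype, 0)
           + size.to_bytes(3, "little") + b"\xf8")
    return (hdr + body).ljust((size + 7) & ~7, b"\xff")

def volume(*files):
    body, hdr_len = b"".join(files), 72
    total = hdr_len + len(body) + 64                        # 64 bytes free space
    hdr = (bytes(32) + struct.pack("<Q", total) + FV_SIG
           + struct.pack("<IHHHBB", 0, hdr_len, 0, 0, 0, 2)
           + struct.pack("<IIII", 1, total, 0, 0))          # block map + terminator
    return (hdr + body).ljust(total, b"\xff")

DXE_CORE = ffs_file("aaaaaaaa-0000-4000-8000-000000000001", 0x05, b"core")   # made-up GUIDs
VENDOR_DRV = ffs_file("aaaaaaaa-0000-4000-8000-000000000002", 0x07, b"drv")
ROGUE_DRV = ffs_file("deadbeef-0000-4000-8000-0000000000ff", 0x07, b"rogue")
VENDOR_IMAGE = volume(DXE_CORE, VENDOR_DRV)
DUMPED_IMAGE = volume(DXE_CORE, VENDOR_DRV, ROGUE_DRV)     # one DXE driver added
```

Running `diff_images(VENDOR_IMAGE, DUMPED_IMAGE)` reports the extra driver GUID as added and nothing as removed; on a real system the same comparison needs a dump of the SPI flash and the vendor's original image for that exact board and version.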
UEFI rootkits are widely viewed as exceptionally dangerous tools for carrying out cyber-attacks, as they are hard to detect and survive security measures such as operating system reinstallation and even a hard disk replacement.
LoJax finds security weaknesses in the system, exploits them, and installs itself on the computer from command-and-control (C2) servers. The stealthy and versatile malware slows the system down, monitors browsing data, and steals information.
If the infection is successful, cyber-criminals can use LoJax to remotely access the system at any time and to install and execute additional malware on it without the user's permission.
Besides, the attackers or the developers of such malicious software track your browsing activity to steal information such as banking details, emails, login IDs, passwords, geographic location, social media accounts, and IP address.
This personal information may later be sold to third parties, which can lead to serious privacy violations, financial loss, or even theft.
Thus, it is important to use a robust anti-malware removal tool such as Malware Crusher to safeguard your PC from LoJax and other advanced cyber threats.

To Conclude
Users can guard their PC against LoJax by enabling Secure Boot, a security feature that ensures the system boots only software that is authentically signed by the original equipment manufacturer. Secure Boot detects and blocks tampered bootloaders, OS files, and other malicious software.
We advise keeping your UEFI firmware up to date and, if you do not have the technical knowledge, following Microsoft's guidelines on configuring Secure Boot.
Organizations should also follow security best practices and enforce defense in depth through security mechanisms that can stop threats at endpoints, networks, servers, and gateways.
We also need to comprehensively upgrade our cyber-defense systems and processes to guard more effectively against cybersecurity risks and to respond in a timely and robust manner so that future intrusions are prevented.
Tips to Prevent Viruses and Malware from Infecting Your System:
- Enable your popup blocker: Pop-ups and ads on websites are the most common tactic used by cybercriminals and malware developers to spread malicious programs. So avoid clicking on dubious sites, software offers, pop-ups, etc., and install a powerful ad blocker for Chrome, Mozilla Firefox, and IE.
- Keep your Windows updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows Update. Doing so helps keep your device free from viruses. According to surveys, outdated and older versions of the Windows operating system are an easy target.
- Third-party installation: Avoid freeware download websites, as they usually install bundled software along with the installer or stub file.
- Regular backup: Regular, periodic backups keep your data safe in case the system is hit by a virus or any other infection. So always back up important files regularly to a cloud drive or an external hard drive.
- Always have an antivirus: Precaution is better than cure. We recommend that you install an antivirus such as ITL Total Security or a good malware removal tool such as Download Virus Removal Tool.