Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit
Feb 13, 2024
Cryptocurrency / Rootkit
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface ( UEFI ) bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that can be extremely difficult to detect and remove," Palo Alto Networks Unit 42 researchers Lior Rochberger and Dan Yashnik said in a Monday analysis. Glupteba is a fully-featured information stealer and backdoor capable of facilitating illicit cryptocurrency mining and deploying proxy components on infected hosts. It's also known to leverage the Bitcoin blockchain as a backup command-and-control (C2) system, making it resilient to takedown efforts . Some of the other functions allow it to deliver additional payloads, siphon credentials, and credit card data, perform ad fraud, and even exploit routers to ga...
