LogoFAIL, A New Way To Pick Up A UEFI Bootkit

Oh C’mon!  Do We Really Need This On A Friday?

There is yet another way to get one of the nastiest types of infections going, that being a UEFI bootkit.  This type of malware lives in the firmware image on your motherboard's SPI flash chip, and it happily avoids detection by any of your scanners, since software running under the OS normally can't read that chip.  The bootkit can then infect you with a variety of other malware, and even if you happen to detect and remove that, next reboot it will happen again, since the actual infection is in the board's firmware and not on the disk.  There have been a few discovered already, but LogoFAIL is a new route to the same place, and exactly the type of thing to ruin someone's day.

As the name implies, LogoFAIL is about the boot logo: Binarly found a pile of bugs in the image parsers that the major UEFI firmware vendors use to draw that splash screen, and “an attacker could store a malicious image or logo on the EFI System Partition” to trigger them.  This is not steganography; the image file is simply malformed so that the firmware's parser corrupts memory while decoding it during the boot process, and that gets the attacker's code running before the OS is even loaded.  Since the exploit is in the image file, LogoFAIL doesn't need to modify the bootloader nor the firmware on your board like previous bootkits have done, which makes it even harder to find: an integrity check that compares the flash contents against a known-good image sees nothing wrong.  The technique is not tied to any particular board, since the same vulnerable parser code ships in firmware for all sorts of x86 and ARM machines, and because the firmware image itself is never touched, Secure Boot and the vendors' hardware-backed verified-boot schemes do not catch it.  The fix is a firmware update from your board or laptop vendor, since the hole is in the firmware's own image parser, so go check for one.
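To make the bug class concrete, here is an added example that is not part of the original post and not Binarly's research or any vendor's code.  It parses a small constructed logo format (a simplified BMP-like header, not the real BMP layout) two ways: the unchecked way, where the pixel-buffer size comes straight from the attacker-controlled width, height and bits-per-pixel fields and silently wraps, and a hardened way that rejects absurd dimensions and headers that promise more pixel data than the file actually carries.  The three sample images, the LOGO_MAX_DIM limit and all function names are constructed for this demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified logo format for this example only (NOT the real BMP
 * layout and NOT the vendor parsers Binarly audited), all little-endian:
 *   "BM" | int32 width | int32 height | uint16 bpp | width*height*(bpp/8) pixel bytes */
#define LOGO_HDR_LEN 12
#define LOGO_MAX_DIM 4096   /* hypothetical panel limit; real firmware knows its framebuffer */

enum logo_err { LOGO_OK = 0, LOGO_ETRUNC, LOGO_EMAGIC, LOGO_EDIM, LOGO_EBPP, LOGO_ESHORT, LOGO_ENOMEM };

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }

/* The bug class: the buffer size is computed from header fields with no range
 * check, so width*height*(bpp/8) wraps in 32-bit arithmetic.  This helper only
 * computes the size (no allocation, no copy), so it is safe to call; a parser
 * that trusted the value would malloc 0 bytes and then copy the pixel data
 * following the header into it. */
uint32_t unchecked_pixel_bytes(const uint8_t *img, size_t len) {
    if (len < LOGO_HDR_LEN) return 0;
    uint32_t w = rd32(img + 2), h = rd32(img + 6);
    uint16_t bpp = rd16(img + 10);
    return w * h * (uint32_t)(bpp / 8);   /* wraps silently */
}

/* Hardened parser: every header field is checked against the file contents
 * before any allocation or copy.  On LOGO_OK, *pixels is malloc'd and the
 * caller frees it. */
enum logo_err parse_logo(const uint8_t *img, size_t len, uint8_t **pixels, uint32_t *out_w, uint32_t *out_h) {
    *pixels = NULL;
    if (len < LOGO_HDR_LEN) return LOGO_ETRUNC;
    if (img[0] != 'B' || img[1] != 'M') return LOGO_EMAGIC;
    int32_t w = (int32_t)rd32(img + 2), h = (int32_t)rd32(img + 6);
    uint16_t bpp = rd16(img + 10);
    if (w <= 0 || h <= 0 || w > LOGO_MAX_DIM || h > LOGO_MAX_DIM) return LOGO_EDIM;
    if (bpp != 8 && bpp != 24 && bpp != 32) return LOGO_EBPP;
    /* 64-bit product of capped dimensions: at most 4096*4096*4, cannot wrap */
    uint64_t need = (uint64_t)w * (uint64_t)h * (uint64_t)(bpp / 8);
    if (need > len - LOGO_HDR_LEN) return LOGO_ESHORT;   /* header promises more than the file holds */
    uint8_t *buf = malloc((size_t)need);
    if (!buf) return LOGO_ENOMEM;
    memcpy(buf, img + LOGO_HDR_LEN, (size_t)need);
    *pixels = buf; *out_w = (uint32_t)w; *out_h = (uint32_t)h;
    return LOGO_OK;
}

/* Constructed sample images (test data, not captured from any device). */
static size_t build_logo(uint8_t *out, int32_t w, int32_t h, uint16_t bpp, const uint8_t *pix, size_t pixlen) {
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 2, (uint32_t)w); wr32(out + 6, (uint32_t)h);
    out[10] = (uint8_t)bpp; out[11] = (uint8_t)(bpp >> 8);
    if (pixlen) memcpy(out + LOGO_HDR_LEN, pix, pixlen);
    return LOGO_HDR_LEN + pixlen;
}
size_t sample_valid(uint8_t *out) {   /* 2x2 at 24 bpp with all 12 pixel bytes present */
    static const uint8_t pix[12] = {255,0,0, 0,255,0, 0,0,255, 255,255,255};
    return build_logo(out, 2, 2, 24, pix, sizeof pix);
}
size_t sample_huge(uint8_t *out) {    /* 0x40000000 x 0x40000000 at 32 bpp: size wraps to 0 */
    return build_logo(out, 0x40000000, 0x40000000, 32, NULL, 0);
}
size_t sample_short(uint8_t *out) {   /* claims 64x64x32 (16 KiB) but carries only 16 bytes */
    static const uint8_t pix[16] = {0};
    return build_logo(out, 64, 64, 32, pix, sizeof pix);
}

/* Build one sample in a stack buffer and return the hardened parser's verdict. */
enum logo_err verdict(size_t (*mk)(uint8_t *)) {
    uint8_t img[64]; uint8_t *pix; uint32_t w, h;
    size_t len = mk(img);
    enum logo_err e = parse_logo(img, len, &pix, &w, &h);
    free(pix);
    return e;
}
/* Same sample, but the size the unchecked code would have allocated. */
uint32_t unchecked_bytes(size_t (*mk)(uint8_t *)) {
    uint8_t img[64];
    size_t len = mk(img);
    return unchecked_pixel_bytes(img, len);
}

int main(void) {
    printf("valid: verdict=%d unchecked_size=%u\n", verdict(sample_valid), unchecked_bytes(sample_valid));
    printf("huge:  verdict=%d unchecked_size=%u\n", verdict(sample_huge), unchecked_bytes(sample_huge));
    printf("short: verdict=%d unchecked_size=%u\n", verdict(sample_short), unchecked_bytes(sample_short));
    return 0;
}
```

The two failing samples are the two halves of the problem: the huge image makes the unchecked size wrap to zero (a tiny allocation followed by a large copy), and the short image makes the unchecked code read far past the end of the file.  Whether a given real parser blew up on dimensions, palette entries or something else is a matter for the vendor advisories; the shape of the fix, validating every size against the bytes you actually have before touching memory, is the same.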

Ready for happy hour at your favourite local yet?
