Breaking News

Slothfulmedia is a dropper, which deploys two files when executed.
1. A RAT designed for C&C communication with the victim machine
2. A dropper deleter that runs once the RAT achieved persistency

UEFI (or Unified Extensible Firmware Interface) has become a prominent technology that is embedded within designated chips on modern day computer systems.
Replacing the legacy BIOS, it is typically used to facilitate the machine's boot sequence and load the operating system, while using a feature-rich environment to do so.
At the same time, it has become the target of threat actors to carry out exceptionally persistent attacks.

One such attack has become the subject of our research, where Kaspersky found a compromised UEFI firmware image that contained a malicious implant.
This implant served as means to deploy additional malware on the victim computers, one that they haven't come across thus far.
To the best of our knowledge, this is the second known public case where malicious UEFI firmware in use by a threat actor was found in the wild.

IPStorm's ability to infect Android, macOS and Windows devices as well as those that are Linux-based makes it much more dangerous.

What sets this botnet apart from others is that it's built on top of the InterPlanetary File System (IPFS), a protocol for storing and sharing data in a distributed file system.
This means the infected devices become part of a peer-to-peer network and talk directly to each other, giving the botnet more resilience against takedown attempts