Breaking News

Malwarebytes uncovered a new attack dubbed Kraken that injects its payload into the Windows Error Reporting service to evade detection.

The WerFault.exe is a service which shows operating system pop-up errors, victims would assume an error happened, but attackers stealthy execute malware using the process.

Slothfulmedia is a dropper, which deploys two files when executed.
1. A RAT designed for C&C communication with the victim machine
2. A dropper deleter that runs once the RAT achieved persistency

UEFI (or Unified Extensible Firmware Interface) has become a prominent technology that is embedded within designated chips on modern day computer systems.
Replacing the legacy BIOS, it is typically used to facilitate the machine's boot sequence and load the operating system, while using a feature-rich environment to do so.
At the same time, it has become the target of threat actors to carry out exceptionally persistent attacks.

One such attack has become the subject of our research, where Kaspersky found a compromised UEFI firmware image that contained a malicious implant.
This implant served as means to deploy additional malware on the victim computers, one that they haven't come across thus far.
To the best of our knowledge, this is the second known public case where malicious UEFI firmware in use by a threat actor was found in the wild.