Chinese hackers spreading undetectable malware for espionage



Researchers at cybersecurity company Kaspersky have uncovered an Advanced Persistent Threat (APT) spying campaign that uses a rare type of malware.


Kaspersky reports that the Chinese-speaking hacker group has been using rootkits called "MosaicRegressor" for two years to target NGOs and diplomatic missions for espionage campaigns.




The researchers said that the malware, which has been used for spying in Asia, Africa, and Europe, would be difficult to detect and remove.


This malware affects the computer's Unified Extensible Firmware Interface (UEFI), which loads before the operating system and other programs.



This means that security software and antivirus products cannot detect this malware. However, Kaspersky has stated that this malware is unusual but not unique.



The UEFI bootkit component used to insert malicious code into the user's device is based on the VectorEDK bootkit.


It was created by Hacking Team in 2015 and leaked online. Since then, this code has been used as the basis for the newly discovered malware.


Although UEFI attacks provide ample opportunities for threat actors, MosaicRegressor is the first case to come out publicly in which the threat actor used custom-made, malicious UEFI firmware, says Mark Lechtik, a senior security researcher at Kaspersky's Global Research and Analysis Team.


However, Kaspersky has not been able to determine what method the attacker used to compromise the user's device, and estimates that the infection vector is one of two options.


The first is that the attacker gained physical access to the user's computer and installed a Trojan downloader using a bootable USB key.


The second, more common method is to deliver the Trojan downloader by spear-phishing and use it to collect information from the compromised device.
