Stealthier Glupteba malware emerges

Widespread attacks spreading the Glupteba malware in November integrated a newly discovered EfiGuard Unified Extensible Firmware Interface (UEFI) bootkit, which gives the botnet self-concealment and increased stealth by deactivating Driver Signature Enforcement and PatchGuard, The Hacker News reports. The campaign has targeted organizations in various industries across Europe and Asia. It began with pay-per-install services that trigger an attack chain deploying PrivateLoader or SmokeLoader before Glupteba, which then performs data exfiltration, cryptocurrency mining, and further payload delivery, according to a report from Palo Alto Networks’ Unit 42 researchers.

Source: SC Magazine

 

