Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia)

A UEFI rootkit, believed to have been built by Kremlin spies from an anti-thief software program to snoop on European governments, has been publicly picked apart by researchers.

A rootkit is a piece of software that hides itself on computer systems, and uses its root or administrator-level privileges to steal and alter documents, spy on users, and cause other mischief and headaches. A UEFI rootkit lurks in the motherboard firmware, meaning it starts up before the operating system and antivirus suites run, allowing it to bury itself deep in an infected machine, undetected and with high-level access privileges.

According to infosec biz ESET, a firmware rootkit dubbed LoJax targeted Windows PCs used by government organizations in the Balkans as well as in central and eastern Europe. The chief suspects behind the software nasty are the infamous Fancy Bear (aka Sednit aka Sofacy aka APT28) hacking crew, elsewhere identified as a unit of Russian military intelligence.

That's the same Fancy Bear that's said to have hacked the US Democratic Party's servers, French telly network TV5, and others.

The malware is based on an old version of a legit application by Absolute Software called LoJack for Laptops, which is typically installed on notebooks by manufacturers so that stolen devices can be found. The code hides in the UEFI firmware, and phones home to a backend server over the internet. Thus, if the computer is nicked, it will silently reveal its current location to its real owner.

As we reported in May, eggheads at Netscout's Arbor Networks spotted LoJack being reused by Fancy Bear agents to develop LoJax. Now, ESET has documented in detail [PDF] the spyware's inner workings, and listed signatures that can be used to detect and remove it from your own networks.

Essentially, the miscreants compromise a machine, gain administrator privileges, and then try to alter the motherboard firmware to include a malicious UEFI module that, if successful, installs and runs LoJax every time the computer is normally booted.

This malicious code thus gets to work before the OS and antivirus tools kick in. Changing the hard drive or reinstalling the operating system is no good – the malware is stored in the system's builtin SPI flash, and reinstalls itself on the new or wiped disk.

Once up and alive, LoJax contacts command-and-control servers that are disguised as normal websites and are known to be operated by Russian intelligence. It then downloads its orders to carry out.

On Thursday, the ESET team wrote:

We found a limited number of different LoJax samples during our research. Based on our telemetry data and on other Sednit tools found in the wild, we are confident that this particular module was rarely used compared to other malware components at their disposal. The targets were mostly government entities located in the Balkans as well as Central and Eastern Europe.

Our investigation has determined that this malicious actor was successful at least once in writing a malicious UEFI module into a system’s SPI flash memory. This module is able to drop and execute malware on disk during the boot process.

This persistence method is particularly invasive as it will not only survive an OS reinstall, but also a hard disk replacement. Moreover, cleaning a system’s UEFI firmware means re-flashing it, an operation not commonly done and certainly not by the typical user.

It turns out LoJack, otherwise known as Computrace, was a pretty decent template for designing a piece of hidden firmware-level spyware. "While researching LoJax, we found several interesting artifacts that led us to believe that these threat actors might have tried to mimic Computrace’s persistence method," ESET stated.

LoJax uses a kernel driver, RwDrv.sys, to rewrite the UEFI flash firmware and its settings to store itself, so that when the PC starts up, it copies itself to disk and runs itself. This kernel driver was swiped from a legitimate utility called RWEverything.

We're told by ESET that Secure Boot, if enabled, should stop LoJax from injecting itself into the firmware storage, because the code won't have a valid digital signature and should be rejected during startup. Be aware, though, this requires a sufficiently strong Secure Boot configuration: it has to be able to thwart administrator-level malware with read-write access to the UEFI storage.

There are firmware settings that can thwart the flash installation simply by blocking write operations. If BIOS write-enable is off, BIOS lock-enable is on, and SMM BIOS write-protection is enabled, then the malware can't write itself to the motherboard's flash storage.

Alternatively, wiping the disk and firmware storage will get rid of this particular rootkit strain.

Modern systems should be able to resist malicious firmware overwrites, we're told, although ESET said it found at least one case of LoJax in the PC's SPI flash.

"While it is hard to modify a system’s UEFI image, few solutions exists to scan system’s UEFI modules and detect malicious ones," wrote Team ESET. "Moreover, cleaning a system’s UEFI firmware means re-flashing it, an operation not commonly done and certainly not by the average user. These advantages explain why determined and resourceful attackers will continue to target systems’ UEFI."

While the steps taken to inject the malware into the firmware are somewhat involved, the end result is quite simple: creating a resident software evil that makes sure companion malware is loaded up when a compromised system boots up.

ESET presented its research on the UEFI rootkit it had uncovered at the 2018 Microsoft BlueHat conference on Thursday, September 27. See the above-linked PDF for more details in more depth. ®