Intel Security (McAfee) Releases Rootkit Scanner Following Vault 7 CIA Leak

By Solarquest (Moderator, Staff Member)
Jul 22, 2014
Intel Security, soon to be rebranded as McAfee again, released on Wednesday a scanner that can identify hidden EFI firmware rootkits.

Intel said it decided to release the scanner after the recent WikiLeaks Vault 7 dump, which contained documentation files and manuals on hacking tools stolen from the CIA.

CIA working on EFI rootkits for Apple computers
The WikiLeaks Vault 7 documents revealed the CIA was working on two EFI rootkits at the time the files were stolen (allegedly by contractors and hackers).

The first project is named DerStarke, which the CIA describes as an "Apple EFI implant via flash unlock," while the second is named QuarkMatter, and is an "Apple EFI implant via EFI system partition."

While there's a little more information on the first, the second project appears to have been under active development, as the only information on QuarkMatter was a project objective:

Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant.

EFI/UEFI stands for "Unified Extensible Firmware Interface," and is a specification evolved from the old BIOS standard. Its role is the same, which is to assist with the initialization of hardware components while booting up the operating system.
........
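The QuarkMatter objective quoted above describes persistence through an EFI driver dropped on the EFI System Partition (ESP). One defensive check that follows directly from that description is to keep a hash baseline of every EFI binary on the ESP and diff it on a schedule. The script below is an added example written for this thread, not the article's text and not McAfee's scanner; it assumes the ESP is already mounted read-only at the directory you pass in (on macOS, for instance, `diskutil mount disk0s1` puts it at `/Volumes/EFI`), and that either `sha256sum` or `shasum` is on the PATH.

```shell
#!/bin/sh
# Added example (not from the article or from McAfee): baseline and diff the
# EFI binaries on a mounted EFI System Partition. Any .efi file that appears,
# disappears or changes hash between runs is worth investigating, because the
# persistence mechanism quoted above lives exactly there.

# hash_file FILE -> "sha256  FILE"; prefers GNU sha256sum, falls back to shasum
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi
}

# esp_inventory DIR -> one "sha256  ./relative/path" line per .efi file, sorted
# deterministically so two runs on an unchanged ESP produce identical output
esp_inventory() {
    ( cd "$1" || exit 1
      find . -type f -iname '*.efi' | LC_ALL=C sort | while IFS= read -r f; do
          hash_file "$f"
      done )
}

# esp_diff BASELINE_FILE DIR -> unified diff of the saved baseline against the
# current inventory; exit status 0 when identical, 1 when anything differs
esp_diff() {
    baseline="$1"
    dir="$2"
    tmp=$(mktemp)
    esp_inventory "$dir" > "$tmp"
    diff -u "$baseline" "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use (assumed paths):
#   esp_inventory /Volumes/EFI > esp-baseline.txt     # once, on a known-good machine
#   esp_diff esp-baseline.txt /Volumes/EFI            # later; non-zero exit = change
```

Store the baseline somewhere the firmware and the OS it boots cannot rewrite (a separate host or signed ticket), since an implant with write access to the ESP can also rewrite a baseline kept beside it. A hash baseline catches added or modified drivers; it does not catch implants written into the SPI flash itself, which is the DerStarke route the article mentions and which needs a firmware-level scanner rather than a filesystem check.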