A sophisticated rootkit that’s able to insert itself into the lowest levels of Windows computers — the motherboard firmware — has been claiming victims since 2020 after disappearing from the radar for around three years. The rootkit, dubbed CosmicStrand by researchers from Kaspersky Lab, is stealthy and highly persistent because its code is stored deep in the UEFI, outside the detection scope of most security programs.
The Unified Extensible Firmware Interface (UEFI) is the modern equivalent of the BIOS. It’s the firmware that contains the necessary drivers to initialize and configure all hardware components of a computer before the main operating system starts and takes over. While BIOS rootkits used to be a relatively common occurrence many years ago, the UEFI has better security protections, so UEFI malware is relatively rare.