CPU microcode hack could infect processors with ransomware directly
Date:
Mon, 12 May 2025 16:00:00 +0000
Description:
A researcher created a working PoC for a ransomware strain that bypasses all antivirus programs.
FULL STORY ======================================================================
A researcher from Rapid7 created a working Proof of Concept for a CPU ransomware.
Such a ransomware would persist on a device even after the hard drive had been replaced.
The PoC will (most likely) never see the light of day.
A security researcher wrote ransomware code that infects the computer's CPU, making it invisible to virtually every antivirus program out there, and
making it persistent even when the victim takes out and replaces the
computer's hard drive.
This is according to The Register, who recently spoke with Christiaan Beek, a cybersecurity researcher from Rapid7, who claims to have created a Proof-of-Concept (PoC) for such ransomware.
Malware at the CPU level is not exactly arcane science. We've seen it in the past, with the likes of LoJax, CosmicStrand, and other UEFI firmware
rootkits. However, this is the first time someone's successfully played with ransomware this way.
CPU PoC
Beek said that he got the inspiration from a bug in AMD Zen processors that allowed threat actors to load malicious microcode and break the encryption at the hardware level. This would have allowed them to modify the behavior of
the CPU as they saw fit.
Beek says that the leaked Conti chat logs from 2022 suggested that actual cybercriminals were discussing the same idea before, but they haven't yet gotten to a working solution. At least, not that the cybersecurity community knows of.
"If they worked on it a few years ago, you can bet some of them will get
smart enough at some point and start creating this stuff," the researcher
told the publication.
He also said that he won't be releasing the code on the internet: "Of course, we won't release that, but it's fascinating, right?"
Ransomware remains one of the biggest threats out there, with companies of
all sizes losing billions of dollars every year. In fact, a recent Veeam study, which gathered insights from 1,300 CISOs, IT leaders, and security professionals across the Americas, Europe, and Australia, found that nearly three-quarters of businesses were impacted by ransomware over the past year.
Via The Register
======================================================================
Link to news story:
https://www.techradar.com/pro/security/cpu-microcode-hack-could-infect-processors-with-ransomware-directly
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)