The Moon Bounce UEFI malware


  1. Posts : 624
    Windows 10 Pro 21H2 x64
       #1

    The Moon Bounce UEFI malware


    I've been getting words about at least some of the worst malware out there.

    What's the chance of me getting it on Windows 10 after getting an annoying ad? I have Windows 10 21H2, OS build 19044.1466.

    I did see what looked like malvertising, but saw nothing more than a pop-up, when I was going to close the tab.

    I have the latest non-beta UEFI BIOS on my ASRock B550 PG Velocita.

    I'm guessing I won't know until I found out that all passwords were stolen from me.

    This has me worried! I now wonder if I should have regretted not enabling Secure Boot and installing Windows 11.

    That ad was at The Weather Channel's web site, weather.com, when using the latest version of Edge.


  2. Posts : 23,014
    Win 10 Home ♦♦♦19045.4239 (x64) [22H2]
       #2

    https://www.malwarebytes.com/adwcleaner

    @RJARRRPCGP

    As for Moon Bounce... I would imagine you're not one of the targets Moon Bounce aims for.

    New MoonBounce UEFI malware used by APT41 in targeted attacks

    APT41 still going strong

    Kaspersky found plenty of evidence linking MoonBounce to APT41, ranging from the deployment of the ScrambleCross malware itself to unique certificates retrieved from its C2 servers which match previous FBI reports on APT41 activity.

    While the U.S. Department of Justice identified and charged five APT41 members in September 2020, the existence of MoonBounce and the operation around it proves the threat actors weren't discouraged by the legal pressure.

    APT41 remains a sophisticated threat actor who can develop evasive tools that bypass even the most impenetrable corporate networks.

    With UEFI threats now getting more traction, Kaspersky advises potential targets to take the following measures to defend against attackers using MoonBounce or similar malware:

    Enable Secure Boot by default
    Update firmware regularly
    Verify that BootGuard is enabled
    Enable Trusted Platform Modules

    Lastly, I go to weather.com 3-4 times a day, with no problems. I'm guessing you probably have Adware, rather than a Moon Bounce issue. See the first link I posted.
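The four measures quoted in the post above can be checked from the host without changing anything. The following PowerShell function is an added example for this thread, not code from the thread, from Kaspersky or from BleepingComputer; it assumes a Windows 10/11 machine booted in UEFI mode and an elevated session, and the function name Get-FirmwareHygieneReport is made up for the example.

```powershell
# Added example: read-only checks for the firmware hygiene items listed in the
# quoted article (Secure Boot, firmware version, Boot Guard, TPM).
# Assumptions: Windows 10/11 booted in UEFI mode, run from an elevated
# PowerShell; the SecureBoot and TrustedPlatformModule modules ship with Windows.

function Get-FirmwareHygieneReport {
    $report = [ordered]@{}

    # Secure Boot: Confirm-SecureBootUEFI throws on machines booted in legacy/CSM
    # mode (or without admin rights), so report that instead of failing.
    try {
        $report.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        $report.SecureBootEnabled = 'Unknown (not UEFI boot, or not elevated)'
    }

    # TPM: presence and whether it is initialised and ready for use.
    try {
        $tpm = Get-Tpm
        $report.TpmPresent = $tpm.TpmPresent
        $report.TpmReady   = $tpm.TpmReady
    } catch {
        $report.TpmPresent = 'Unknown'
        $report.TpmReady   = 'Unknown'
    }

    # Firmware vendor, version and release date, to compare against the
    # newest release on the board vendor's support page.
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $report.FirmwareVendor  = $bios.Manufacturer
    $report.FirmwareVersion = $bios.SMBIOSBIOSVersion
    $report.FirmwareDate    = $bios.ReleaseDate

    # Boot Guard (Intel) / Platform Secure Boot (AMD) is not exposed by a
    # built-in cmdlet; it has to be read from firmware setup or vendor tooling.
    $report.BootGuardEnabled = 'Check in firmware setup or vendor tool'

    [pscustomobject]$report
}

Get-FirmwareHygieneReport | Format-List
```

The Secure Boot and TPM results are the two items that can be confirmed reliably from inside Windows; the firmware date only tells you how old the image is, not whether a newer one exists, so it still has to be compared against the vendor's download page by hand.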


  3. Posts : 624
    Windows 10 Pro 21H2 x64
    Thread Starter
       #3

    Ghot said:
    https://www.malwarebytes.com/adwcleaner

    @RJARRRPCGP

    As for Moon Bounce... I would imagine you're not one of the targets Moon Bounce aims for.

    New MoonBounce UEFI malware used by APT41 in targeted attacks

    Lastly, I go to weather.com 3-4 times a day, with no problems. I'm guessing you probably have Adware, rather than a Moon Bounce issue. See the first link I posted.
    I think it's Edge just not blocking ads. I bet they will disappear with Firefox or setting the restrictions higher in Edge.

    This appears to be typical in a default browser. Honestly, I think it's a JS that waits for me to move my mouse pointer off the window.

    I got ads that are malicious, if clicked on, but the usual, too at Bleeping Computer. But I just changed the anti-tracking settings to "Strict" in Edge.


  4. Posts : 23,014
    Win 10 Home ♦♦♦19045.4239 (x64) [22H2]
       #4

    RJARRRPCGP said:
    I think it's Edge just not blocking ads. I bet they will disappear with Firefox or setting the restrictions higher in Edge.

    This appears to be typical in a default browser. Honestly, I think it's a JS that waits for me to move my mouse pointer off the window.

    You're probably right.
    That ADWcleaner is free. Run it just in case you picked up some adware.


  5. Posts : 624
    Windows 10 Pro 21H2 x64
    Thread Starter
       #5

    Ghot said:
    You're probably right.
    That ADWcleaner is free. Run it just in case you picked up some adware.
    Looks like the ads are gone. They would come up right away, think they are in the page. It's '00s-style BS!

    Actually, I was on the lookout for drive-by-malware-installation.

    And I was never the one who went to that unmentioned "typosquatter" pun-on-Google-name web site!


  6. Posts : 23,014
    Win 10 Home ♦♦♦19045.4239 (x64) [22H2]
       #6

    RJARRRPCGP said:
    Looks like the ads are gone. They would come up right away, think they are in the page. It's '00s-style BS!

    Actually, I was on the lookout for drive-by-malware-installation.

    And I was never the one who went to that unmentioned "typosquatter" pun-on-Google-name web site!

    The secret to peace of mind...is mucho backups.

    As Lobsang said, in the book, The Long Earth... "You can never have too much backup".
    (Lobsang was a Tibetan motorcycle repairman, reincarnated as a computer. )


  7. Posts : 624
    Windows 10 Pro 21H2 x64
    Thread Starter
       #7

    Ghot said:
    The secret to peace of mind...is mucho backups.
    I do have a lot of backups, but I'm almost out of USB flash drives, LOL, because I used one to install Windows 10 21H2 with and the others are mostly for game backups.

    And if this malware gets snuck into PCs, it most likely will be in the UEFI-BIOS! People may be buying motherboards as if they were USB flash drives! Yikes!


  8. Posts : 23,014
    Win 10 Home ♦♦♦19045.4239 (x64) [22H2]
       #8

    RJARRRPCGP said:
    I do have a lot of backups, but I'm almost out of USB flash drives, LOL, because I used one to install Windows 10 21H2 with and the others are mostly for game backups.

    Then you are definitely... ahead of the game.


  9. Posts : 624
    Windows 10 Pro 21H2 x64
    Thread Starter
       #9

    Ghot said:
    Then you are definitely... ahead of the game.
    Was wondering if that was related to a UEFI-BIOS flaw, like that remote-code-execution flaw in CSME on 9th-gen Intel and earlier.

    What I got is a good entry into the B550 chipset and Ryzen 5000 series. One year ago, if you wanted a Ryzen 5 5600X, then you probably could fuhgettaboutit!


  10. Posts : 23,014
    Win 10 Home ♦♦♦19045.4239 (x64) [22H2]
       #10

    RJARRRPCGP said:
    Was wondering if that was related to a UEFI-BIOS flaw, like that remote-code-execution flaw in CSME on 9th-gen Intel and earlier.

    What I got is a good entry into the B550 chipset and Ryzen 5000 series. One year ago, if you wanted a Ryzen 5 5600X, then you probably could fuhgettaboutit!

    Well, you can always flash the BIOS if you're worried about it.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
