I've been dealing with something similar - maybe actually this for 2 months.
There were some great insights from this researcher but they're missing some very fucked up elements of this malware.
1. I'm pretty sure it has a "fuck with it" scale. It leaves you alone if you don't fuck with it. In fact, I'd bet money that this malware did all the cryptocurrency shit for a reason like a bait and switch.
2. It affects android too. Doesn't seem to matter what device or how updated it is.
3. And windows.
4. It isn't persistent through rootkits. I mean, it is. But it's also deeper. My current thinking is that it is persistent on my machines using the RAM training algorithms to spin itself up. From..
5. Your display. I have four displays that have had their firmware fucked with. Just discovered it's on a brand new mobo that I set up ensuring there was not a single peripheral I'd used before, no leds. Hadn't even installed an os before running a ram only mode Linux session from a hardware write protected usb THROUGH a write protected usb bridge. The only thing it was connected to that wasn't new was my monitor, and the USB key (created from a secure pc and immediately write protected).
I think that this thing is EVERYWHERE. I've seen references in bash files from the initramfs that allude to escalating its action based on variables I couldn't pin down.
Hi friend, I'm dealing with the same thing and agree with everything you said. ADDITIONALLY we found that it loves office printers, great attack vector to hit the whole office.
Also did you figure out why it reprograms display firmware? It spreads through displays and webcams optically. It can send or receive from either (same way NSA uses speakers as microphones basically). That's not the crazy part though, the crazy part is that it does human and canine retinal embeddings from either. It basically writes code on the retina and then that person can spread it to new systems. That turned out to be the biggest problem on our side. Sunglasses don't work.