ESET Research has published a paper detailing the discovery of a malware campaign that used repurposed commercial software to create a backdoor in computers’ firmware—a “rootkit," active since at least early 2017 and capable of surviving the re-installation of the Windows operating system or even hard drive replacement. While the malware had been spotted previously, ESET’s research is the first to show that it was actively attacking the firmware of computers to establish a tenacious foothold.

Dubbed “LoJax,” the malware is the first case of an attack leveraging the Unified Extensible Firmware Interface (UEFI) boot system being used in an attack by an adversary. And based on the way the malware was spread, it is highly likely that it was authored by the Sednit/Fancy Bear/APT 28 threat group—the Russian state-sponsored operation tied by US intelligence and law enforcement to the cyber-attack on the Democratic National Committee.

UEFI uh-oh

There have been a number of security concerns about UEFI’s potential as a hiding place for rootkits and other malware, including those raised by Dick Wilkins and Jim Mortensen of firmware developer Phoenix Technologies in a presentation at UEFI Plugfest last year. “Firmware is software and is therefore vulnerable to the same threats that typically target software,” they explained. UEFI is essentially a lightweight operating system in its own right, making it a handy place to put rootkits for those who can manage it.

WikiLeaks’ Vault 7 files showed that the CIA apparently developed an implant for Apple's computers that used the Extensible Firmware Interface (the predecessor of UEFI) but required physical access to the targeted computer and a malicious Thunderbolt Ethernet adapter (called the “Sonic Screwdriver”). But LoJax is an entirely different animal—it was built to be deployed remotely, using malware tools that can read and overwrite parts of the UEFI firmware’s flash memory.

“Along with the LoJax agents,” ESET researchers noted, “tools with the ability to read systems’ UEFI firmware were found, and in one case, this tool was able to dump, patch and overwrite part of the system’s SPI flash memory. This tool’s ultimate goal was to install a malicious UEFI module on a system whose SPI flash memory protections were vulnerable or misconfigured.”

Because of variations in the implementation of UEFI, those sorts of memory protection issues—the very sort of thing Wilkins and Mortensen warned of—have been entirely too common. And ESET researchers found at least one confirmed case of a successful deployment of LoJax.

Good hackers borrow, state hackers steal

While LoJax shows all the hallmarks of a state-funded attack, the Fancy Bear team had a little bit of a head start when it came to the UEFI payload—the Bears borrowed from a commercial software product that was purpose-built to stay active in a computer’s firmware. LoJax’s rootkit is essentially a modified version of a 2008 release of the LoJack anti-theft agent from Absolute Software, known at release as Computrace.

“LoJack attracted a lot of attention in recent years as it implements a UEFI/BIOS module as a persistence mechanism,” the ESET team wrote. That firmware module ensured a software “small agent” stayed installed on the computer, which connected to an Absolute Web server—even if the computer had its drive wiped. In other words, Computrace was a commercially developed firmware rootkit.

The protocols used by the client associated with LoJack/Computrace had no authentication. So if someone were able to impersonate the Absolute servers, they would have been able to hijack the client to their own ends. While this issue was brought up by researchers in 2014, it would be four more years before there was a hint that someone had actually done that.

On May 1, Arbor Networks reported the discovery of “trojanized” samples of the LoJack small agent—versions that had been modified to communicate with servers suspected to be connected to Fancy Bear activities. Domains used by the malware were the same used in 2017 for another backdoor known as SedUploader. The differences between the legitimate LoJack client and the malicious client were so small—in the tens of bytes, according to the ESET researchers—that they were largely not being detected as malware.

“At the time the [Arbor Networks] blog was published,” the ESET team wrote, “we had found different LoJax small agents targeting different entities in the Balkans as well as Central and Eastern Europe, but had no idea how they were installed.” While some traces of other Fancy Bear/Sednit malware were found in some cases, there were others where no means of delivery was apparent.

And then the researchers found two tools on an infected system—one intended to read the Serial Peripheral Interface (SPI) flash memory associated with UEFI firmware and another to overwrite that memory. The reader tool was based on drivers from a free, legitimate tool called RWEverything. The writer tool, ReWriter_binary, looks for the section of the firmware flash memory containing Driver Execution Environment (DXE) drivers—drivers that execute very early in the UEFI boot-up. It then writes its own malicious DXE driver into that memory area, attempting to circumvent any restrictions set in firmware to prevent such a write. Unfortunately, many of the safeguards to prevent such malicious writing to BIOS are turned off by default in many UEFI implementations.

In another bit of borrowing, the code in the malicious UEFI module uses an NTFS driver to access the Windows disk partition to make changes and install its agent. This NTFS driver was stolen from leaked software written by the Milan-based information security (and offensive hacking for hire) company Hacking Team. So really, this Russian state-sponsored rootkit was a team effort.