![[The AI Show Episode 145]: OpenAI Releases o3 and o4-mini, AI Is Causing “Quiet Layoffs,” Executive Order on Youth AI Education & GPT-4o’s Controversial Update](https://www.marketingaiinstitute.com/hubfs/ep%20145%20cover.png)
![Ditching a Microsoft Job to Enter Startup Purgatory with Lonewolf Engineer Sam Crombie [Podcast #171]](https://cdn.hashnode.com/res/hashnode/image/upload/v1746753508177/0cd57f66-fdb0-4972-b285-1443a7db39fc.png?#)
_Piotr_Adamowicz_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
_designer491_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
-xl-xl-xl.jpg)
![Apple Officially Releases macOS Sequoia 15.5 [Download]](https://www.iclarified.com/images/news/97308/97308/97308-640.jpg)
CPU microcode hack could infect processors with ransomware directly
A researcher created a working PoC for a ransomware strain that bypasses all antivirus programs.
- A researcher from Rapid7 created a working Proof of Concept for a CPU ransomware
- Such a ransomware would persist on a device even after the hard drive had been replaced
- The PoC will (most likely) never see the light of day
A security researcher wrote ransomware code that infects the computer’s CPU, making it invisible to virtually every antivirus program out there, and making it persistent even when the victim takes out and replaces the computer’s hard drive.
This is according to The Register, who recently spoke with Christiaan Beek, a cybersecurity researcher from Rapid7, who claims to have created a Proof-of-Concept (PoC) for such ransomware.
Malware at the CPU level is not exactly arcane science. We’ve seen it in the past, with the likes of JoLax, CosmicStrand, and other UEFI firmware rootkits. However, this is the first time someone’s successfully played with ransomware this way.
Save up to 68% for Techradar readers
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)View Deal
CPU PoC
Beek said that he got the inspiration from a bug in AMD Zen processors that allowed threat actors to load malicious microcode and break the encryption at the hardware level. This would have allowed them to modify the behavior of the CPU as they saw fit.
Beek says that the leaked Conti chat logs from 2022 suggested that actual cybercriminals were discussing the same idea before, but they haven’t yet gotten to a working solution. At least, not that the cybersecurity community knows of.
"If they worked on it a few years ago, you can bet some of them will get smart enough at some point and start creating this stuff," the researcher told the publication.
He also said that he won’t be releasing the code on the internet: "Of course, we won't release that, but it's fascinating, right?"
Ransomware remains one of the biggest threats out there, with companies of all sizes losing billions of dollars every year. In fact, a recent Veeam study, which gathered insights from 1,300 CISOs, IT leaders, and security professionals across the Americas, Europe, and Australia, found that nearly three-quarters of businesses were impacted by ransomware over the past year.
Via The Register
You might also like
- The first UEFI bootkit malware for Linux has been detected, so users beware
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
