Advanced, Multipurpose Malware Glupteba Adapts with New UEFI Bootkit

The Glupteba malware remains a significant threat, and its recent campaign in November 2023 introduced a previously undocumented feature: a Unified Extensible Firmware Interface (UEFI) bootkit that can control the OS boot process. This allows the malware to hide itself and establish stealthy persistence that is difficult to detect and remove.

In a multi-stage campaign affecting several regions and industries, threat actors targeted organizations in Greece, Nepal, Bangladesh, Brazil, Korea, Algeria, Ukraine, Slovakia, Turkey, Italy, and Sweden. Large-scale phishing attacks and web-based distribution were used to spread Glupteba through fake software installation files and cracks.

Glupteba’s adoption of a UEFI bootkit underscores the complexity and adaptability exhibited by modern cybercriminals. It highlights the pressing need for cybersecurity professionals to continually enhance their defenses and stay ahead of emerging threats.

Palo Alto Networks customers can protect themselves from Glupteba and other threats through products like Cortex XDR, Next-Generation Firewall with Cloud-Delivered Security Services, and Prisma Cloud Cortex XDR Cloud Agents or Prisma Cloud Defender Agents. Additionally, the UEFI Protection module released as part of Cortex Agent 8.3 provides detection and prevention capabilities against UEFI bootkits like Glupteba’s.

For more details on the campaign and the complete analysis of Glupteba’s UEFI bootkit, customers can access threat intelligence and mitigation strategies provided by Palo Alto Networks. Additionally, customers can reach out to the Unit 42 Incident Response team for any support or urgent matters related to this threat.

Overall, this new campaign by Glupteba demonstrates the need for integrated security solutions and proactive measures to combat evolving cyber threats. Keeping systems and defenses up to date is essential to stay ahead of emerging malware and cybercriminal tactics.

Fabio
