Firmware Malware
What is Firmware Malware?
Firmware Malware: Malicious code that lives in device firmware — BIOS/UEFI, network cards, drives, or peripherals — surviving OS reinstalls and most endpoint defences.
Firmware malware implants persist in the low-level code that initializes and operates hardware, below the operating system. Because firmware is rarely scanned and often resides in writable flash, an implant can survive disk wipes, OS reinstalls, and even drive replacement when it targets other components. Firmware threats include UEFI bootkits, malicious drive firmware, NIC implants, and management-controller backdoors. Initial infection typically requires physical access, supply-chain compromise, or kernel-level privileges to flash firmware. Defences include Secure Boot, signed firmware updates, measured boot and TPM attestation, vendor firmware integrity tools, hardware root of trust, and rigorous supply-chain controls.
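As an added illustration of the measured boot defence named above (this example is not part of the original entry), the sketch below replays a boot event log into PCR values with the TPM extend rule and reports which PCR drifted from a known-good baseline and which measurement caused it. The event descriptions and measured byte strings are constructed sample data, and verification of the signed TPM quote that real attestation depends on is assumed to happen elsewhere.

```python
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 PCR starts as all zeros after platform reset

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend rule: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(events):
    """Replay (pcr_index, description, measured_bytes) events into PCR values."""
    pcrs = {}
    for index, _desc, blob in events:
        digest = hashlib.sha256(blob).digest()
        pcrs[index] = extend(pcrs.get(index, PCR_INIT), digest)
    return pcrs

def first_divergence(baseline, observed):
    """Describe the first event whose PCR index or measured bytes differ."""
    for (b_idx, _b_desc, b_blob), (o_idx, o_desc, o_blob) in zip(baseline, observed):
        if (b_idx, b_blob) != (o_idx, o_blob):
            return o_desc
    if len(baseline) != len(observed):
        return "event count mismatch"
    return None

def check(baseline, observed):
    """Return (sorted list of drifted PCR indexes, first divergent event)."""
    golden, current = replay(baseline), replay(observed)
    drifted = sorted(i for i in golden.keys() | current.keys()
                     if golden.get(i) != current.get(i))
    return drifted, first_divergence(baseline, observed)

# Constructed sample log: PCR 0 holds firmware code, PCR 2 option ROMs,
# PCR 4 the boot loader. The byte strings stand in for real images.
BASELINE = [
    (0, "platform firmware volume", b"vendor-uefi-image-v1"),
    (0, "DXE driver set", b"dxe-drivers-v1"),
    (2, "NIC option ROM", b"nic-oprom-v1"),
    (4, "boot loader", b"bootloader-v1"),
]
# Constructed "modified firmware" case: one extra module in the driver set.
TAMPERED = list(BASELINE)
TAMPERED[1] = (0, "DXE driver set", b"dxe-drivers-v1" + b"+extra-module")

if __name__ == "__main__":
    print(check(BASELINE, BASELINE))   # clean boot
    print(check(BASELINE, TAMPERED))   # firmware changed below the OS
```

Because each PCR value depends on every earlier measurement in order, a change to firmware code alters PCR 0 even though the disk and boot loader measurements are unchanged.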
● Examples
- 01 LoJax UEFI implant attributed to Sednit/APT28.
- 02 MoonBounce firmware implant that loads from SPI flash.
● Frequently asked questions
What is Firmware Malware?
Malicious code that lives in device firmware — BIOS/UEFI, network cards, drives, or peripherals — surviving OS reinstalls and most endpoint defences. It belongs to the Malware category of cybersecurity.
How do you defend against Firmware Malware?
Defences for Firmware Malware typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Firmware Malware?
Common alternative names include: Firmware implant, Below-OS malware.