CyberGlossary

Malware

Firmware Malware

Also known as: Firmware implant, Below-OS malware

Definition

Malicious code that lives in device firmware — BIOS/UEFI, network cards, drives, or peripherals — surviving OS reinstalls and most endpoint defences.

Firmware malware implants persist in the low-level code that initializes and operates hardware, below the operating system. Because firmware is rarely scanned and often resides in writable flash, an implant can survive disk wipes, OS reinstalls, and even replacement of the drive when the implant lives in another component. Firmware threats include UEFI bootkits, malicious drive firmware, NIC implants, and management-controller backdoors. Initial infection typically requires physical access, supply-chain compromise, or kernel-level privileges to flash firmware. Defences include Secure Boot, signed firmware updates, measured boot and TPM attestation, vendor firmware integrity tools, hardware root of trust, and rigorous supply-chain controls.
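Measured boot and TPM attestation, named above as defences, work because each boot component is hashed into a PCR before it runs, and a PCR can only be extended, never set. The following is an added illustration (not from the glossary or any vendor tool) that replays a constructed event log into PCR values and compares them against a golden set, showing how a modified firmware volume changes PCR 0 while an untouched PCR 7 stays the same. The component names, the byte strings standing in for firmware images, and the `implanted_log` helper are all assumptions made up for this example; a real verifier would replay the TCG event log and compare against a TPM quote signed by the attestation key.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank


def measure(data: bytes) -> bytes:
    """Digest of a component as firmware records it before handing control to it."""
    return hashlib.sha256(data).digest()


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM PCR extend semantics: new_value = H(old_value || digest)."""
    return hashlib.sha256(pcr_value + digest).digest()


def replay_log(events):
    """Replay an ordered list of (pcr_index, description, digest) into final PCR values."""
    pcrs = {}
    for index, _description, digest in events:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs


def compare_pcrs(golden, observed):
    """Return the sorted PCR indices whose observed value differs from the golden value."""
    return sorted(i for i in set(golden) | set(observed) if golden.get(i) != observed.get(i))


# Constructed stand-ins for the images a boot chain measures (not real firmware).
GOLDEN_COMPONENTS = [
    (0, "SEC/PEI core", b"vendor-firmware-v1.0"),
    (0, "DXE driver volume", b"vendor-dxe-volume-v1.0"),
    (7, "Secure Boot policy", b"SecureBoot=1;db=vendor-ca"),
]


def golden_log():
    """Event log produced by an unmodified platform (assumed golden baseline)."""
    return [(i, d, measure(data)) for i, d, data in GOLDEN_COMPONENTS]


def implanted_log():
    """Hypothetical log from a platform whose DXE volume gained an extra driver."""
    tampered = [
        (i, d, data + b"+unexpected-driver" if d == "DXE driver volume" else data)
        for i, d, data in GOLDEN_COMPONENTS
    ]
    return [(i, d, measure(data)) for i, d, data in tampered]


def check_boot(observed_events):
    """Attestation check: which PCRs on the observed platform drift from the golden set."""
    return compare_pcrs(replay_log(golden_log()), replay_log(observed_events))


if __name__ == "__main__":
    print("clean platform drift:", check_boot(golden_log()))        # []
    print("implanted platform drift:", check_boot(implanted_log()))  # [0]
```

Because the extend operation chains every earlier measurement into the final value, the verifier cannot tell from PCR 0 alone which component changed; the event log is what localises the drift, and the signed quote is what proves the log was not forged.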

Examples

  • LoJax UEFI implant attributed to Sednit/APT28.
  • MoonBounce firmware implant that loads from SPI flash.

Related terms