Researchers Observed Backdoor-Like Behavior In Gigabyte Systems

Researchers have observed unusual backdoor-like behavior in Gigabyte systems that puts device security at risk. Because affected systems ship with the backdoor already present, its existence raises the risk of supply-chain attacks. The researchers suspect that the backdoor may be used to deploy further payloads on target PCs.

Gigabyte Systems Backdoor Behavior Risks Supply-Chain Attack

According to a recent report from Eclypsium, its researchers detected backdoor-like behavior in Gigabyte systems available to the public.

Eclypsium’s heuristic detection methods flagged a peculiar Windows native executable that Gigabyte systems drop during the startup process. The executable exhibits OEM backdoor-like behavior, and it exists because of an insecure implementation of the Gigabyte App Center capability.

While the researchers duly reported the matter to Gigabyte, they also decided to disclose it publicly, given the inherent risks associated with this backdoor. Complete removal of the backdoor requires firmware updates, and leaving unpatched systems in the wild without informing users could expose organizations to supply-chain attacks. As stated in the post,

While our ongoing investigation has not confirmed exploitation by a specific threat actor, an active widespread backdoor that is difficult to remove poses a supply chain risk for organizations with Gigabyte systems.

The researchers suspect this backdoor may be a legitimate vendor feature. Nonetheless, Gigabyte’s repeated cybersecurity incidents in the past leave the researchers wary of the executable’s presence.

Recommended Mitigations Until A Patch Arrives

As Eclypsium continues investigating the matter, the researchers have shared mitigations that organizations can apply to reduce the risks associated with this backdoor.

These include scanning the affected Gigabyte systems and applying firmware updates, as well as monitoring the systems for malicious activity carried out through the embedded backdoor-like tools. The researchers also advise IT admins to consider disabling the “APP Center Download & Install” feature in UEFI/BIOS Setup on Gigabyte systems.

Likewise, securing the systems’ BIOS with a password and applying URL filtering may also help IT teams fend off potential attacks.
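As an added example (not from the article or from Eclypsium’s report), the PowerShell inventory check below supports the first mitigation: it identifies Gigabyte boards across a set of hosts and records their BIOS version and release date so they can be compared against the vendor’s current firmware. Matching the manufacturer string on “Gigabyte” is an assumption; the article names no affected models or firmware versions.

```powershell
# Added example, not from the article or Eclypsium. Inventories hosts,
# flags Gigabyte boards and records BIOS version/date for comparison
# with the vendor's current firmware. The 'Gigabyte' manufacturer match
# is an assumption; the article lists no affected models or versions.
function Get-GigabyteFirmwareInventory {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME
    )

    foreach ($computer in $ComputerName) {
        try {
            # Query the local machine directly; use WinRM only for remote hosts.
            $cimParams = @{ ErrorAction = 'Stop' }
            if ($computer -ne $env:COMPUTERNAME) { $cimParams['ComputerName'] = $computer }

            $board = Get-CimInstance -ClassName Win32_BaseBoard @cimParams
            $bios  = Get-CimInstance -ClassName Win32_BIOS @cimParams

            # -match is case-insensitive, so 'GIGABYTE' and 'Gigabyte' both hit.
            $isGigabyte = ($board.Manufacturer -match 'Gigabyte') -or
                          ($bios.Manufacturer  -match 'Gigabyte')

            # Gigabyte hosts need a firmware comparison against the vendor's
            # current release and a check of the APP Center UEFI setting.
            $action = if ($isGigabyte) { 'Review firmware and APP Center setting' } else { 'None' }

            [PSCustomObject]@{
                ComputerName      = $computer
                BoardManufacturer = $board.Manufacturer
                BoardProduct      = $board.Product
                BiosVersion       = $bios.SMBIOSBIOSVersion
                BiosReleaseDate   = $bios.ReleaseDate
                IsGigabyte        = $isGigabyte
                Action            = $action
            }
        }
        catch {
            # Keep unreachable hosts in the report rather than silently dropping them.
            [PSCustomObject]@{ ComputerName = $computer; Error = $_.Exception.Message }
        }
    }
}

# Usage: list only the Gigabyte hosts and export them for the patch team.
Get-GigabyteFirmwareInventory -ComputerName 'host1', 'host2' |
    Where-Object IsGigabyte |
    Export-Csv -Path gigabyte-hosts.csv -NoTypeInformation
```

Remote queries require WinRM access to the target hosts; the resulting CSV gives the patch team the board model and BIOS version to check against Gigabyte’s firmware downloads.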
