Nemesis Bootkit Malware – Reappears even after Re-installation of the OS
- This makes the malicious threat hard to detect and remove using traditional security approaches.
- This allows the infection to reappear even after a complete reinstallation of the Windows operating system.
“The malware that persists outside of the operating system (OS) requires a different approach to detection and eradication,” security analysts from FireEye wrote in a blog post published Monday.
“Malware with bootkit functionality can be installed and executed almost entirely independent of the Windows [OS]. As a result, incident responders will need tools that can access and search raw disks at scale for evidence of bootkits.”
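As an added illustration of the raw-disk approach the FireEye analysts describe (example code written for this page, not FireEye's own tooling), the Python below reads a disk's first sector, checks the MBR boot signature, parses the partition table and compares a hash of the bootstrap code against a known-good baseline; the sample images, the baseline hash and the single-bootable-partition rule are constructed assumptions.

```python
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 446      # bytes 0..445: bootstrap code a bootkit typically rewrites
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"   # final two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split one raw sector into bootstrap hash, partition entries and signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an empty entry
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
            "partitions": parts,
            "valid_signature": sector[-2:] == BOOT_SIG}


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings for one MBR; an empty list means it matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootstrap_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from known-good baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    return findings


def _build_mbr(bootstrap: bytes) -> bytes:
    """Constructed test image: one bootable NTFS partition starting at LBA 2048."""
    part = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1 << 20)
    return bootstrap.ljust(BOOTSTRAP_LEN, b"\x00") + part + b"\x00" * 48 + BOOT_SIG


CLEAN_MBR = _build_mbr(b"\xfa\x33\xc0\x8e\xd0")  # constructed stand-in for vendor boot code
TAMPERED_MBR = _build_mbr(b"\xe9\x00\x01")       # constructed: boot code replaced
BASELINE = hashlib.sha256(CLEAN_MBR[:BOOTSTRAP_LEN]).hexdigest()  # assumed known-good hash
```

On a live system the sector would be read from the raw device (for example `\\.\PhysicalDrive0` on Windows) rather than from the constructed images, and the baseline hash taken from a trusted image of the same boot code.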
How Does the Malware Work?
- First, the malicious code injects the Nemesis components stored in the virtual file system into the Windows kernel.
- Then the Operating System code
Hackers behind Nemesis Malware
“We identified the presence of a financially motivated threat group that we track as FIN1, whose activity at the organization dated back several years,” FireEye researchers wrote. “The threat group deployed numerous malicious files and utilities, all of which were part of a malware ecosystem referred to as ‘Nemesis’ by the malware developer(s).”
How to Protect Your Systems From Nemesis Bootkit Malware?
“System administrators should perform a complete physical wipe of any systems compromised with a bootkit and then reload the operating system,” FireEye researchers recommend.