After CIA leak, Intel Security releases detection tool for EFI rootkits
Intel Security has released a tool that allows users to check if their computer’s low-level system firmware has been modified and contains unauthorized code.
The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple’s Macbooks. A rootkit is a malicious program that runs with high privileges — typically in the kernel — and hides the existence of other malicious components and activities.
The documents from CIA’s Embedded Development Branch (EDB) mention an OS X “implant” called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter.