MoonBounce

First seen: 2021-01 • Status: active

Currently Active Threat

MoonBounce is a Chinese government virus that lives in your computer's firmware. It survives even if you replace the hard drive, making it very hard to remove.

Overview

MoonBounce is a UEFI firmware implant attributed to APT41. It persists in SPI flash memory and is extremely difficult to remove.

How It Spreads

  • Targeted nation-state attacks
  • Physical access

What It Does

  • Firmware-level persistence
  • Loads malware at boot
  • Survives OS reinstalls

Target Platforms

Windows

Detection Tips

  • UEFI integrity monitoring
  • Firmware scanning

MITRE ATT&CK Techniques

T1542

If You're Infected

  1. Re-flash UEFI firmware
  2. Contact incident response team

Related Malware

BlackLotus
