Computrace
Description
(Malwarebytes) Security researchers have detected the first known instance of a UEFI bootkit being used in targeted campaigns against government entities across Central and Eastern Europe. The attack focuses on UEFI-enabled computers and relies on a persistence mechanism that has been stolen from a legitimate, but often questioned, software called Computrace that comes by default on many computer systems.
This Computrace agent from Absolute Software is a service designed to recover lost or stolen computers, the underlying technology of which is based on the LoJack Stolen Vehicle Recovery System. In 2005, Absolute Software licensed the LoJack name and subsequent tracking technology to aid in recovery efforts of stolen computers. After negotiations with manufacturers, the Computrace agent from Absolute Software—or LoJack for computers—now comes pre-loaded on a large number of machines.
Names
Name |
---|
Computrace |
LoJack |
Category
Malware
Type
- Rootkit
Information
- https://blog.malwarebytes.com/cybercrime/hacking/2018/10/lojack-for-computers-used-to-attack-european-government/
- https://www.lastline.com/labsblog/apt28-rollercoaster-the-lowdown-on-hijacked-lojack/
- https://bartblaze.blogspot.de/2014/11/thoughts-on-absolute-computrace.html
- https://asert.arbornetworks.com/lojack-becomes-a-double-agent/
- https://www.absolute.com/en/resources/faq/absolute-response-to-arbor-lojack-research
Malpedia
Alienvault Otx
Other Information
Uuid
0ed6c93b-24a1-477f-b921-a3741bc0eba9
Last Card Change
2020-05-13