What You Need to Know About Thunderstrike 2 Malware (Yes, Even Mac Users)

Tech October 2, 2015

Viruses, worms and spyware are the bane of unprotected operating systems. Of course, the keyword here is “unprotected” because it’s relatively easy to defend against malware. All you need is a good antivirus and a little bit of common sense. And, even if your system does get infected, you can still rescue it by performing a full system scan, repair or restore.

But how do you fight against a piece of malware that you—or even your operating system—can’t see? Well, that’s exactly what the worm Thunderstrike 2 is.

It goes straight to your BIOS


The problem with Thunderstrike 2 is that it bypasses your operating system and heads directly for your computer’s basic input/output system, the control center in charge of triggering your computer’s start-up sequence—including turning your operating system on. This means that it resides at a level that’s entirely separate from where your operating system is, which, in turn, prevents your antivirus from getting to it. It can practically do whatever it wants for as long as it wants without being detected.

Just imagine how much damage a virtually undetectable piece of malware can do to you and your system. It can record your passwords, copy, manipulate or delete your files, steal your identity, wipe your entire system and perform any other malicious task that can be written in code. It can also rewrite firmware updates before they even get applied to make your system even more vulnerable to threats.

It runs on different systems—including Macs!


Turns out, Macs use a similar BIOS architecture to Windows systems, so they're just as vulnerable to the threat of Thunderstrike 2. Apparently, compatibility is never an issue with this thing. It will gladly wreak havoc on any system that runs on the same vulnerable architecture.

You can’t remove it

At least not by yourself because it involves some extremely technical stuff that only professionals would know how to do.

It’s bad enough that it’s practically impossible to detect, but even if you do detect it, that still won’t amount to much because there’s nothing you can do about it.

It spreads rapidly

Thunderstrike 2 houses itself on Ethernet devices and any other piece of hardware that has an option ROM. Anyone who connects to it automatically—and unknowingly—gets infected.

Imagine having your office routers infected. In just one day, Thunderstrike can affect everyone in your company and, in the process, find its way to everyone else through employees who don’t even know they’ve got the worm on their systems.
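For readers who manage hardware, here is an added Python example (not from the original article or from the researchers' work) of one defensive check: it parses the standard PCI option ROM layout in a ROM dump and reports any image whose SHA-256 differs from a known-good baseline. It assumes both dumps were read through a path you trust; the function names, IDs and sample bytes are constructed for the illustration.

```python
import hashlib
import struct

CODE_TYPES = {0x00: "x86 BIOS", 0x01: "Open Firmware", 0x03: "EFI"}

def parse_option_rom(blob):
    """List every image in a PCI option ROM dump with its SHA-256."""
    images, off = [], 0
    while off + 0x1A <= len(blob):
        if blob[off:off + 2] != b"\x55\xaa":
            raise ValueError(f"bad ROM signature at {off:#x}")
        (ptr,) = struct.unpack_from("<H", blob, off + 0x18)  # -> PCIR
        pcir = off + ptr
        if pcir + 0x18 > len(blob) or blob[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"no PCIR structure for image at {off:#x}")
        vendor, device = struct.unpack_from("<HH", blob, pcir + 0x04)
        (units,) = struct.unpack_from("<H", blob, pcir + 0x10)
        code_type, indicator = struct.unpack_from("<BB", blob, pcir + 0x14)
        length = units * 512  # image length is stored in 512-byte units
        if length == 0 or off + length > len(blob):
            raise ValueError(f"invalid image length at {off:#x}")
        images.append({
            "offset": off, "vendor": vendor, "device": device,
            "type": CODE_TYPES.get(code_type, f"unknown({code_type:#x})"),
            "sha256": hashlib.sha256(blob[off:off + length]).hexdigest(),
        })
        if indicator & 0x80:  # bit 7 marks the last image
            break
        off += length
    return images

def changed_images(baseline, current):
    """Images in `current` that are absent from, or differ from, the baseline."""
    known = {(i["offset"], i["sha256"]) for i in parse_option_rom(baseline)}
    return [i for i in parse_option_rom(current)
            if (i["offset"], i["sha256"]) not in known]

def build_image(code_type, last, fill=0x00):
    """Constructed 512-byte sample image (IDs 0x1234/0x5678 are made up)."""
    img = bytearray([fill]) * 512
    img[0:2] = b"\x55\xaa"
    struct.pack_into("<H", img, 0x18, 0x1C)
    struct.pack_into("<4sHHHHB3sHHBBH", img, 0x1C, b"PCIR", 0x1234, 0x5678,
                     0, 0x18, 0, b"\x00\x00\x02", 1, 0, code_type,
                     0x80 if last else 0, 0)
    return bytes(img)

BASELINE = build_image(0x00, False) + build_image(0x03, True)
TAMPERED = build_image(0x00, False) + build_image(0x03, True, fill=0xFF)
```

Calling `changed_images(BASELINE, TAMPERED)` returns only the second (EFI) image, because its body bytes differ from the baseline copy.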

Fortunately, it’s just a dummy worm

Thunderstrike 2 was developed as part of research by security engineer Trammell Hudson and Xeno Kovah, owner of the firmware security consultancy LegbaCore. It was built to demonstrate what exactly a BIOS-dwelling piece of malware means for the everyday user and to encourage device manufacturers, software engineers and operating system developers to take the necessary steps to protect their products from threats like Thunderstrike 2.

If you wish to know more about the worm, you can read about it here.
