A new module enables TrickBot malware to scan for vulnerable UEFI configurations on infected systems. This could enable attackers to brick systems or deploy low-level backdoors that are hard to remove. TrickBot is a botnet that serves as an access gateway into enterprise networks for sophisticated ransomware and other cybercriminal groups. Microsoft, together with several other companies, launched a coordinated effort to disrupt TrickBot’s command-and-control infrastructure in October, but the botnet is still alive and the hackers are fighting to regain control. The new TrickBot module uses a driver called RwDrv.sys to read and write to the firmware of any hardware component.”]