Skip to main content
  1. Home
  2. Computing
  3. News

If you have a Gigabyte motherboard, your PC might stealthily download malware

Monica J. White
By

Yet another motherboard manufacturer seems to be in trouble — or rather, the people who own those motherboards might be. According to security researchers, countless Gigabyte boards might be vulnerable to dangerous cyberattacks.

If you want to be extra safe, there are a couple of things you can do to protect your PC. Here’s what we know.

A Gigabyte Aorus Extreme motherboard.
Image used with permission by copyright holder

According to a report published by security company Eclypsium, many Gigabyte motherboards are at risk. Eclypsium published a full list of the models that are affected by the vulnerability, and that list alone encompasses over 270 different entries. That means that if you own a Gigabyte board, chances are that you’re affected by this too. Both AMD and Intel platforms might be compromised.

Related

To give you a quick recap on what’s going on, Eclypsium has found a vulnerability within the firmware of those Gigabyte motherboards. Gigabyte’s own software automatically updates the firmware without further prompts, and because of that, it opens the door to potential attacks.

Recommended Videos

The list of risks is huge, but individual users are in less danger than organizations that run multiple computers equipped with Gigabyte boards. This is because the attacker would have to be using the same network as you in order to divert the software updater to download a harmful payload instead of a new firmware update. Still, this could be dangerous and awfully difficult to get rid of. To make matters worse, out of the three possible download locations for Gigabyte’s firmware, one of them is only using a plain HTTP address instead of HTTPS, further lowering the security of the downloading process.

While this is a quite sophisticated and situational hack, if a threat actor or hacker group manages to carry out the attack, the consequences could be disastrous. Let’s go over them quickly.

For one, hackers could exploit vulnerable software built into a computer’s firmware in order to pose as a legitimate feature. From there, they could gain full access to the affected PC and network. UEFI rootkits and implants, which are a type of malware, also pose a great threat because they’re executed before your system even starts up. As such, not even reinstalling the operating system and wiping your drives clean would be enough to get rid of them.

Perhaps the worst thing of all is that the firmware download occurs during system start-up, so you’d likely be none the wiser until it would be too late. Eclypsium goes into a lot of detail in its report as to what the dangers of this vulnerability are, so make sure to read it here if you’re interested.

How to protect yourself

The front of a Project Stealth PC.
Gigabyte

Gigabyte is working with Eclypsium in order to fix this issue. The company released an official statement, saying that its engineers have already addressed the potential risks in the latest beta version of the BIOS. This means that owners of Intel 700/600 or AMD 500/400 boards could go ahead and download the update and stay safe, but using a beta version of the BIOS comes with some risks of its own. It’s unclear whether using it would affect the board warranty at this point.

Fortunately, Eclypsium has also provided a couple of fixes that can tide you over until Gigabyte clears everything up. You’ll first have to enter the BIOS. This is most commonly done by tapping the F2 or Del key over and over during the time when your PC is starting up, but if that doesn’t work, check out our guide on how to use the BIOS to see if there are any other keys you might need to mash here.

Once you’re on the options screen, navigate to the App Center Download & Install feature and disable it. This turns off automatic updates. We also recommend setting a BIOS password to add an extra layer of security.

Motherboards, in general, have had their share of troubles lately. As Gigabyte is battling this problem, Asus also finds itself in the crossfire following a huge AMD Ryzen 7000 controversy. Instead of a cybersecurity threat, users with Asus boards have found their PCs at risk of burning up.

Editors' Recommendations

Topics
Monica J. White
Monica J. White
Computing Writer
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
This game lets hackers attack your PC, and you don’t even need to play it
Genshin Impact characters.

Hackers have been abusing the anti-cheat system in a massively popular game, and you don't even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game's anti-cheat measures in order to disable antivirus programs on the target machine. From there, they're free to conduct ransomware attacks and take control of the device.

Read more
Here’s everything you need to build a great gaming PC in 2022
AMD RX 6950 XT installed in a PC.

While building a PC is fairly straightforward, there are numerous ways to make mistakes without proper planning and preparation for a new build. We rounded up everything you need to build a gaming PC so you can get past compatibility issues and choose hardware that works for your build.
Hardware that makes sense
The first step in building a PC is selecting hardware that makes sense for both your budget and your interests. Even if you have an unlimited budget, it's not always the best idea to simply grab the most expensive parts. Here's an overview of what you need:

A case
A graphics card, or GPU
A processor, or CPU
RAM
Storage
A power supply
A CPU cooler

Read more
This malware infects your motherboard and is almost impossible to remove
A digital encrypted lock with data multilayers.

Researchers have discovered malware that has been secretly infecting systems featuring Asus and Gigabyte motherboards for at least six years.

Since 2016, Chinese-speaking hackers have been infiltrating machines with the CosmicStrand malware, according to a report from Bleeping Computer.

Read more