Malware Using Obscure Intel CPU Features for Data Theft

The Microsoft Security team has detected a malware family with a unique feature: it uses the Serial-over-LAN (SOL) interface of Intel's Active Management Technology (AMT) as a file transfer tool. Interestingly, the firewall will not be able to detect this breach, because SOL traffic can bypass the local computer's networking stack, so security programs will not be able to stop the malware. The hidden networking interface can be exposed by Intel AMT SOL, which is part of the Intel Management Engine (ME). The ME has a separate processor and can run when the main processor is off. It gives third-party companies remote administrative capabilities for accessing large networks of PCs, and this is a shady feature. Because the AMT SOL interface runs in the Intel Management Engine, it is separate from the operating system, where normal security applications work. This also gives an advantage to AMT
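Because SOL traffic never passes through the host's networking stack, it has to be spotted from a vantage point outside the host. The Python below is an added example, not code from the article or from Microsoft: it compares flows captured at a network tap with the host's own connection log and flags what the host never saw. The port numbers are Intel AMT's standard ports; the IP addresses, record formats and console allowlist are constructed assumptions.

```python
import csv
import io

# Intel AMT's standard TCP ports (not stated in the article):
# 16992/16993 = web/WS-Management, 16994/16995 = redirection (SOL, IDE-R).
AMT_REDIRECTION_PORTS = {16994, 16995}
AMT_PORTS = AMT_REDIRECTION_PORTS | {16992, 16993}

# Constructed sample: flows seen by a network tap or switch, outside the hosts.
TAP_FLOWS = """src,dst,dport,bytes
10.0.5.20,10.0.5.31,16994,48211
10.0.5.31,203.0.113.10,443,9120
10.0.9.7,10.0.5.31,16992,1400
10.0.5.44,10.0.5.31,445,3002
"""

# Constructed sample: connections the firewall/EDR on host 10.0.5.31 logged.
HOST_LOG = """src,dst,dport
10.0.5.31,203.0.113.10,443
10.0.5.44,10.0.5.31,445
"""

# Hypothetical allowlist of management consoles permitted to speak AMT.
APPROVED_CONSOLES = {"10.0.9.7"}

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_out_of_band(tap_text, host_text, host_ip, approved=APPROVED_CONSOLES):
    """Return tap flows touching host_ip that its own sensors never logged."""
    seen = {(r["src"], r["dst"], int(r["dport"])) for r in load(host_text)}
    findings = []
    for r in load(tap_text):
        src, dst, port = r["src"], r["dst"], int(r["dport"])
        if host_ip not in (src, dst) or (src, dst, port) in seen:
            continue
        peer = src if dst == host_ip else dst
        if port in AMT_REDIRECTION_PORTS and peer not in approved:
            severity = "high"      # SOL/IDE-R channel with an unapproved peer
        elif port in AMT_PORTS:
            severity = "review"    # AMT traffic, expected only from consoles
        else:
            severity = "unknown"   # invisible to the host for another reason
        findings.append({"peer": peer, "port": port, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_out_of_band(TAP_FLOWS, HOST_LOG, "10.0.5.31"):
        print(finding)
```

The comparison only works if the tap sits on the wire or switch, where ME traffic is still visible even though the operating system's sensors never see it.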