Threat Group Cards: A Threat Actor Encyclopedia

Tool: Computrace

Names: Computrace, LoJack
Category: Malware
Type: Rootkit
Description: (Malwarebytes) Security researchers have detected the first known instance of a UEFI bootkit being used in targeted campaigns against government entities across Central and Eastern Europe. The attack focuses on UEFI-enabled computers and relies on a persistence mechanism that has been stolen from a legitimate, but often questioned, software called Computrace that comes by default on many computer systems.

This Computrace agent from Absolute Software is a service designed to recover lost or stolen computers, the underlying technology of which is based on the LoJack Stolen Vehicle Recovery System. In 2005, Absolute Software licensed the LoJack name and subsequent tracking technology to aid in recovery efforts of stolen computers. After negotiations with manufacturers, the Computrace agent from Absolute Software—or LoJack for computers—now comes pre-loaded on a large number of machines.
Information:
<https://blog.malwarebytes.com/cybercrime/hacking/2018/10/lojack-for-computers-used-to-attack-european-government/>
<https://www.lastline.com/labsblog/apt28-rollercoaster-the-lowdown-on-hijacked-lojack/>
<https://bartblaze.blogspot.de/2014/11/thoughts-on-absolute-computrace.html>
<https://asert.arbornetworks.com/lojack-becomes-a-double-agent/>
<https://www.absolute.com/en/resources/faq/absolute-response-to-arbor-lojack-research>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.computrace>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:computrace>

Last change to this tool card: 13 May 2020

All groups using tool Computrace

APT groups

Name: Sofacy, APT 28, Fancy Bear, Sednit
Country: Russia
Observed: 2004-Jun 2021

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
