Criminality Femware (2025)

| Incident | Year | Description |
|----------|------|-------------|
| Equation Group HDD implants | 2015 | Sophisticated firmware rewriting of Western Digital, Seagate, Samsung, and IBM drives. Used for long-term espionage. |
| LoJax UEFI rootkit | 2018 | First UEFI rootkit used in the wild by APT28 (Sednit). Targeted Balkan governments. Survived OS reinstall. |
| MosaicRegressor | 2020 | UEFI bootkit found in laptops from a Chinese manufacturer. Delivered via compromised firmware update channels. |
| MoonBounce | 2021 | UEFI firmware implant on Gigabyte motherboards, used by advanced persistent threat actors. |
| BlackLotus UEFI bootkit | 2022 | Sold on hacking forums for $5,000–$9,000. Bypasses Secure Boot and HVCI on fully patched Windows 11. |
| CosmicStrand | 2023 | Firmware backdoor in consumer motherboards, likely for espionage. Persists across OS reinstalls. |


To date, cybersecurity firms have documented over 1,200 distinct incidents of criminality femware between 2021 and 2025. Real victims include:

These cases share a common thread: The weaponization of female biology as a vector for control and coercion.

The rise of criminality femware has spawned specialized market segments. On encrypted forums like Genesis Fem and Lolita’s Lair (names altered for security), vendors sell:

Prices range from $50 for a single victim’s full femhealth history to $20,000 for a "live feed" from a targeted high-value individual.

Cybercriminals now create fake femhealth landing pages that mimic popular period trackers. Victims download what they believe is a legitimate app, but the software installs a backdoor that exfiltrates:

These phishing femware kits are sold as "crimeware-as-a-service" on the dark web for as little as $200.

| Component | Criminal Use |
|-----------|---------------|
| UEFI/BIOS | Bootkits, Secure Boot bypass, ransomware persistence |
| Hard disk/SSD firmware | Data interception, covert storage of stolen data |
| Network card firmware | Packet sniffing, C2 communication hiding |
| USB controller firmware | BadUSB attacks, keystroke injection |
| Baseband (mobile) | IMSI catching, call/SMS interception |
| IoT device firmware | Botnets, DDoS, surveillance |


When we think of computer viruses, we typically imagine malicious files infecting an operating system—Windows, macOS, or Linux. We assume that a simple factory reset or a hard drive wipe will remove the infection. But in the dark corners of the cyber underworld, a more insidious threat has emerged: Criminality Firmware.

This term refers to malicious code injected not into the software, but into the deep, persistent memory of hardware components. It represents the ultimate persistence: malware that survives reboots, reformatting, and even hard drive replacements.

In 2024, a new ransomware variant called "OvaLock" emerged. Unlike traditional ransomware that encrypts all files, OvaLock specifically searches for and encrypts gynecological records, fertility clinic databases, and femtech app backups. The ransom note threatens to publish the victim’s pregnancy attempts, miscarriages, or abortion history unless a payment is made in cryptocurrency.

Here, criminality femware intersects with reproductive rights: In jurisdictions where abortion is criminalized, attackers have threatened to report victims to law enforcement using stolen data.