>In terms of capability, I speculate that the best an attacker can achieve is a sticky, privileged process that accepts arbitrary commands at runtime, which can be used to read the disk, analyze other running processes, install and exfil sensor data, etc.
The worst-case scenario would be if the attacker somehow manages to rewrite your motherboard and/or SSD's firmware with malicious firmware. Then even if you reinstall your OS, he still manages to re-install the rootkit afterwards. I've only read about this type of malware, but I have never seen or heard of anything like that in the wild.