With the coronavirus pandemic raging all over the world, some hackers have developed malware that destroys infected systems, either by wiping files or rewriting a computer’s master boot record (MBR).
At least five malware strains have been identified — some distributed in the wild, while others appear to have been created only as tests or jokes.
The common theme among them is that they use a coronavirus theme and are geared towards destruction, rather than financial gain.
MBR-rewriting COVID-19 malware
Of all the malware samples found by security researchers this past month, the most advanced were the two samples that rewrote MBR sectors — producing a computer that can’t boot at all.
The first of the MBR-rewriters, called COVID-19.exe, was discovered by a security researcher who goes by the name of MalwareHunterTeam. It’s a two-stage malware that starts by showing an annoying window, which users can’t close because the malware has also disabled the Windows Task Manager.
In the background, however, the malware silently rewrites the computer’s master boot record and then restarts the PC, leaving users stuck at a pre-boot screen.
Users can eventually regain access to their computers, but they’ll need special apps that can be used to recover and rebuild the MBR to a working state.
A second coronavirus-themed malware is nastier, as it can rewrite the MBR while also stealing the users’ passwords. To make for an even more convoluted operation, it masquerades as a “CoronaVirus ransomware”, but no ransom was ever asked for. It was aiming at the victim’s passwords instead.
Furthermore, according to analysis from SentinelOne security researcher Vitali Kremez and Bleeping Computer, the malware also has the code to wipe files on the user’s systems, but this didn’t appear to be active in the version they analyzed.
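As a defensive check for the MBR rewriting described in this section, the following added example (not code from the researchers or from any of the samples) compares a 512-byte MBR sector dump against a known-good baseline and reports which region changed. It assumes the classic MBR layout and that the sector dumps were obtained separately; all function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)      # bootstrap code area
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_MAGIC = b"\x55\xaa"       # signature at offsets 510-511

def parse_partitions(sector):
    """Return the non-empty partition entries of a classic MBR sector."""
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i: 462 + 16 * i]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:  # partition type 0 marks an unused slot
            entries.append({"index": i, "bootable": raw[0] == 0x80,
                            "type": raw[4], "lba_start": lba_start,
                            "sectors": sectors})
    return entries

def fingerprint(sector):
    """Hash each region separately so a change can be localised."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector")
    return {"boot_code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
            "partition_table": hashlib.sha256(sector[PART_TABLE]).hexdigest(),
            "magic_ok": sector[510:512] == BOOT_MAGIC}

def compare(baseline, current):
    """List the MBR regions that differ from the known-good baseline."""
    base, cur = fingerprint(baseline), fingerprint(current)
    findings = [k for k in ("boot_code", "partition_table") if base[k] != cur[k]]
    if not cur["magic_ok"]:
        findings.append("boot_signature")
    return findings

def make_sample_mbr(boot_fill):
    """Constructed sample sector: filler boot code plus one type-0x07 entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[BOOT_CODE] = bytes([boot_fill]) * 440
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07,
                                  b"\x00" * 3, 2048, 1_000_000)
    sector[510:512] = BOOT_MAGIC
    return bytes(sector)

GOOD = make_sample_mbr(0x90)       # constructed baseline
TAMPERED = make_sample_mbr(0xCC)   # same table, different boot code
```

A result of `["boot_code"]` means the partition table still matches the baseline, so restoring the boot code alone may be enough; a changed partition table means the saved entries are needed to rebuild it.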
Data-wiping COVID-19 malware
MalwareHunterTeam security researchers have also spotted two coronavirus-themed data wipers.
The first was caught back in February and, since it used a Chinese file name, was most likely targeting Chinese users; the second was spotted more recently, and was found uploaded to the VirusTotal portal by someone located in Italy.
Both strains were described as “poor wipers” because of the inefficient, error-prone, and time-consuming methods they used to erase files on infected systems. However, they worked, which made them dangerous if they were ever to spread in the wild.
Aside from the one malware type that steals the users’ passwords, the others are not made for hackers’ financial gain. So in a way, they are more like jokes (bad ones, mind you), but jokes nevertheless.
In any case, we don’t wish anyone to fall victim to these nasty jokes and, therefore, we advise you to run the latest version of anti-virus software on your computers, smartphones, and other devices. Also, use a VPN to protect your data while surfing the web and overall keep your identity under the radar. It’s a tough world out there and you can never be too careful.