New malware takes advantage of COVID-19 to wipe computers and overwrite the MBR
So far, security researchers have identified at least five of these malware strains. Some have been released online, while others seem to have been created just for testing or as a joke.
Their common feature is that they all take advantage of the coronavirus situation and are designed to be destructive rather than financially profitable.
Malware that overwrites the MBR
Of the 4 malware samples discovered by security researchers last month, two, the most advanced of them, were able to overwrite the MBR region.
Creating this type of malware requires advanced technical knowledge, because tampering with the MBR is not an easy task, and when it succeeds, it prevents the system from booting.
The first malware able to overwrite the MBR was discovered by a security researcher known as "MalwareHunterTeam". Using the name COVID-19.exe, this malware infects a computer in two stages.
In the first stage, it displays a rather annoying window that the user cannot close, because the malware has already locked the Windows Task Manager.

While users are busy trying to deal with this window, the malware silently overwrites the computer's MBR. It then restarts the computer, and the new MBR takes over, preventing the user from booting the computer any further.
Users can regain access to the computer, but they will need special applications that can restore and rebuild the MBR to its original working state.
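A defender-side check for the MBR overwrite described above, as an added example that is not part of the original article: it compares a 512-byte sector 0 image against a baseline hash of the bootstrap code and sanity-checks the partition table. The sample sectors and all function names are constructed for illustration, and reading the real sector 0 from a disk is left out.

```python
import hashlib
import struct

BOOT_CODE_END = 440           # bytes 0..439 hold the bootstrap code
TABLE_OFFSET = 446            # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, start LBA, length


def boot_code_hash(sector):
    # Disk signature and partition table can change legitimately: hash only the code.
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def parse_partitions(sector):
    entries = []
    for slot in range(4):
        status, ptype, start, length = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * slot)
        if ptype != 0x00:  # type 0x00 marks an unused slot
            entries.append({"slot": slot, "status": status, "type": ptype,
                            "lba_start": start, "sectors": length})
    return entries


def inspect_mbr(sector, baseline_hash):
    """Return a list of findings; an empty list means the sector looks intact."""
    if len(sector) != 512:
        return [f"expected 512 bytes, got {len(sector)}"]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if boot_code_hash(sector) != baseline_hash:
        findings.append("bootstrap code differs from baseline")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table is empty")
    for p in parts:
        if p["status"] not in (0x00, 0x80) or p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"slot {p['slot']}: malformed partition entry")
    return findings


def make_sample(boot_code, table):
    # Constructed 512-byte sector for the demonstration, not a real disk image.
    return boot_code.ljust(446, b"\x00") + table.ljust(64, b"\x00") + BOOT_SIGNATURE

GOOD = make_sample(b"constructed original boot code", ENTRY.pack(0x80, 0x07, 2048, 1_000_000))
OVERWRITTEN = make_sample(b"constructed replacement boot code", b"")
BASELINE = boot_code_hash(GOOD)  # taken while the machine is known to be clean
```

A replacement MBR that is meant to run at boot typically keeps a valid 0x55AA signature, so the signature check alone reports nothing for `OVERWRITTEN`; the baseline comparison and the empty partition table are what flag it.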

But there is another coronavirus-themed malware that overwrites the MBR, and it has a much more complex mode of operation.
It claims to be "CoronaVirus ransomware", but that is only its appearance. The main function of the malware is to steal the password from the infected computer, then pose as ransomware to deceive the user and hide its true purpose.
However, it is not ransomware, just disguised as such. Once the data theft operation is complete, the malware moves to a new stage: overwriting the MBR and preventing users from booting the system. When a user sees an extortion notice at boot time and then cannot access the operating system, no one would think that someone has just stolen their password.

According to analysis from SentinelOne security researcher Vitali Kremez and Bleeping Computer, the malware also contains a piece of code that wipes files from the user's system, but this function is not enabled in the version they analyzed.
Moreover, this malware has been detected 2 times. Version 2 was discovered by G DATA malware researcher Karsten Hahn, 2 weeks after the discovery of version 1. This time, the malware retained its ability to overwrite the MBR, but replaced the data deletion feature with a screen lock feature.
Malware that deletes data
Security researcher "MalwareHunterTeam" also found two other malware strains that delete data.
The first was discovered in February. It uses Chinese filenames and is primarily aimed at Chinese users, although no one knows whether it has been released online or is just a "test".
The second malware, discovered the other day, was uploaded to the VirusTotal portal by someone living in Italy.
MalwareHunterTeam describes both types of malware as "weak data cleaners" because of their ineffectiveness, errors, and time-consuming file deletion methods. However, they still work, which is why they are dangerous if released online.

The rudimentary .bat file of the data-deleting malware mentioned above
It is strange that so many people create malware like this, but this is not the first time it has happened. Among the many financially motivated malware strains that have been discovered, there are always a few created as jokes, to serve the hobby of hackers. The same thing happened during the WannaCry ransomware outbreak in 2017: days after the original WannaCry ransomware had encrypted countless computers around the world, a series of copies suddenly appeared that caused the same problem, but for no apparent reason.