New malware takes advantage of COVID-19 to wipe computers and overwrite the MBR

At present, security researchers have identified at least five of these malware strains; some have been released online, while others seem to have been created just for testing or as jokes.

Their common feature is that they all exploit the coronavirus situation and are designed to be destructive rather than financially profitable.

Malware that overwrites the MBR

Of the 4 malware samples discovered by security researchers last month, the most advanced were the two able to overwrite the MBR.

Creating these types of malware requires advanced technical knowledge, because tampering with the MBR is not an easy task; when it succeeds, it prevents the system from booting.

The first malware with the ability to overwrite the MBR was discovered by a security researcher nicknamed "MalwareHunterTeam". Using the name COVID-19.exe, this malware infects a computer in two stages.

In the first stage, it displays a rather annoying window that the user cannot close, because the malware has already locked the Windows Task Manager.

While users are busy trying to deal with this window, the malware silently overwrites the computer's MBR. It then restarts the computer, and the new MBR takes over, preventing the user from booting the computer.

Users can regain access to the computer, but they will need special applications that can restore and rebuild the MBR to its original working state.
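Restoring an MBR presupposes a known-good copy of sector 0, and the same copy lets a defender detect the overwrite. The following Python code is an added example, not part of the original article: it parses a 512-byte MBR and compares it with a saved baseline. The function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_AREA_LEN = 446        # bytes 0..445: bootstrap code area
ENTRY_FMT = "<B3xB3xII"    # status, (CHS), type, (CHS), LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into the fields worth monitoring."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):  # four 16-byte partition entries start at offset 446
        raw = sector[BOOT_AREA_LEN + 16 * i:BOOT_AREA_LEN + 16 * (i + 1)]
        status, ptype, lba_start, count = struct.unpack(ENTRY_FMT, raw)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_AREA_LEN]).hexdigest(),
        "partitions": partitions,
    }

def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return human-readable findings; an empty list means no change."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings

def make_sector(boot_code: bytes, entry: bytes) -> bytes:
    """Build a constructed sample sector (not taken from any real disk)."""
    table = entry + bytes(48)  # one entry followed by three empty slots
    return boot_code.ljust(BOOT_AREA_LEN, b"\x00") + table + b"\x55\xaa"

# Constructed samples: a healthy sector and one with replaced boot code
# and an emptied partition table.
BASELINE = make_sector(b"\xfa\x33\xc0",
                       struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 1_000_000))
TAMPERED = make_sector(b"\xeb\xfe", bytes(16))

if __name__ == "__main__":
    print(compare_to_baseline(BASELINE, TAMPERED))
```

On a real system the two inputs would be a stored backup of sector 0 and a fresh read of the same sector, both obtained with a disk imaging tool run with administrative rights.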

But there is another coronavirus-themed malware that overwrites the MBR, and it has a much more complex mode of operation.

It claims to be "CoronaVirus ransomware", but that is only its appearance. The malware's main function is to steal passwords from the infected computer; it then poses as ransomware to deceive the user and hide its true purpose.

However, it is not ransomware, just disguised as such. Once the data theft is complete, the malware moves to a new stage: overwriting the MBR and preventing users from booting the system. When a user sees a ransom note at boot and then cannot access the operating system, it does not occur to them that someone has just stolen their passwords.

According to analysis from SentinelOne security researcher Vitali Kremez and Bleeping Computer, the malware also contains a piece of code that wipes files from the user's system, but this function was not enabled in the version they analyzed.

Moreover, this malware has been detected twice. Its version 2 was discovered by G DATA malware researcher Karsten Hahn, 2 weeks after the discovery of version 1. This time, the malware retained its ability to overwrite the MBR, but replaced the data deletion feature with a screen lock feature.

Malware that deletes data

Security researcher "MalwareHunterTeam" also found two other malware strains that delete data.

The first was discovered in February. It uses Chinese filenames and is primarily aimed at Chinese users, although no one knows whether it has been released online or was just a test.

The second malware, discovered the other day, was uploaded to the VirusTotal portal by someone living in Italy.

MalwareHunterTeam describes both strains as "weak data cleaners" because their file deletion methods are ineffective, error-prone, and time-consuming. However, they still work, which is why they are dangerous if released online.

[Picture 4: the rudimentary .bat file of the data-deleting malware described above]

It may seem strange that so many people create malware like this, but this is not the first time it has happened. Among the many financially motivated malware strains that have been discovered, there are always a few created as jokes, serving their authors' amusement. The same thing happened during the WannaCry ransomware outbreak in 2017: days after the original WannaCry ransomware had encrypted countless computers around the world, a series of copies suddenly appeared that caused the same problem, but for no apparent reason.
