Security News > 2020 > April > Coronavirus Malware Makes Devices Unusable by Overwriting MBR

Coronavirus Malware Makes Devices Unusable by Overwriting MBR
2020-04-02 11:49

A newly discovered piece of malware is taking advantage of the current COVID-19 pandemic to render computers unusable by overwriting the MBR. Cybercriminals were quick to exploit the coronavirus crisis for their malicious attacks, including phishing, malware infections, and the likes, and it did not take long for state-sponsored threat actors to join the fray.

In addition to banking Trojans targeting enterprise workers and information-stealing malware aimed at multiple industries, which only steal victims' information, miscreants are also disseminating destructive threats, such as the newly observed wiper.

When executed, the malware drops a series of helper files inside a temporary folder, including a BAT file that identifies itself as "Coronovirus Installer," and which is responsible for most of the setup work.

The file, SonicWall's security researchers reveal, creates a folder named COVID-19, where it moves the previously dropped helper files.

A batch file is then created to ensure that the previously operated registry modifications remain unaltered and to facilitate the launch of an executable file called "MainWindow.exe."


News URL

http://feedproxy.google.com/~r/Securityweek/~3/zhqVvtWVjx0/coronavirus-malware-makes-devices-unusable-overwriting-mbr