The coronavirus pandemic is raging all over the globe these days, triggering panic, fear, and uncertainty. Our lives have changed, and this will probably turn out to be the biggest disaster that our generation has witnessed during this lifetime.
Healthcare systems and economies all over the world are being hit violently these days.
ZDNet has just reported that hackers believe this is the best moment to torture people some more, and that they have developed malware that destroys infected systems. These programs do this by wiping files or rewriting a computer’s master boot record (MBR).
ZDNet has already identified at least five such malware strains. Some of them are distributed in the wild, while others seem to have been created only as jokes or as some kind of test.
The publication noted that the samples share two common themes: they use a coronavirus theme, and they are geared towards destruction rather than financial gain.
Rewriting MBR sectors
The most advanced of the samples are two that rewrote MBR sectors.
“Some advanced technical knowledge was needed to create these strains as tinkering with a master boot record is no easy feat and could easily result in systems that didn’t boot at all,” according to the latest info coming from the online publication mentioned above.
At first this seems like a simple screenlocker, but it infects the MBR as well.
Same MBR as the Coronavirus ransomware found by @malwrhunterteam
— Karsten Hahn (@struppigel) March 26, 2020
The publication went on to detail that “The first of the MBR-rewriters was discovered by a security researcher that goes by the name of MalwareHunterTeam, and detailed in a report from SonicWall this week. Using the name of COVID-19.exe, this malware infects a computer and has two infection stages.”
Besides the malware described above, there are also the data wipers. Both of them were discovered by MalwareHunterTeam.
"alcuni accorgimenti da prendere per il Covid-19.zip" -> "Covid-19.exe" (60e9dfe954acf0b02a5b35f367cf36ae2bc9b12e02aa3085495c5d8c4c94611c) -> dropped "Covid-19.bat", which is a poor wiper…
Seen from Italy.
Not sure it worse if it was created as joke or seriously. @JAMESWT_MHT pic.twitter.com/YkbFTq8LP7
— MalwareHunterTeam (@malwrhunterteam) April 1, 2020
We recommend that you check out the original article in order to learn more details about the issue.