New Coronavirus Wiper Malware Disables Windows PCs
A new destructive program for Windows, named “Coronavirus,” is making headlines for using the COVID-19 theme to lure victims and overwrite the Master Boot Record (MBR) of their computers. This malware operates similarly to the infamous NotPetya attack from 2017, which caused significant financial losses worldwide.
According to researchers from SonicWall Capture Labs Threat, the new wiper acts in much the same way. Victims of the “Coronavirus” malware are met with a gray screen, a blinking cursor, and a brief message: “Your computer is corrupted.”
How the Coronavirus Wiper Spreads
The creators of this wiper intentionally chose a striking name that reflects current events to increase the chances of users running the malicious program. The malware is distributed using several popular methods, including:
- Email attachments
- File downloads from servers
- Disguising itself as legitimate applications
What Happens After Infection?
Once launched, the wiper copies several auxiliary files into the systemโs temporary folder. The malware then attempts to disable User Account Control (UAC) and the Windows Task Manager to prevent users from stopping its activity.
According to experts, the wiper also changes the victimโs desktop wallpaper and uses system settings to prevent it from being changed back.
Stay Protected
To avoid falling victim to such destructive malware, always be cautious with email attachments, downloads, and unfamiliar applications. Keep your operating system and security software up to date.