Pages

7 April 2020

New COVID-19 Malware Will Wipe Your PC And Rewirite Your Computer’s Master Boot Record — In Essence, Destroying Your Laptop


Thieves, con-artists, charlatans and others never let a good crisis go to waste. The security and technology website is reporting that cyber thieves/malcontents are using the COVID-19 crisis as an opportunity to make our lives more difficult in the digital universe. Catalin Cimpanu, writing for ZeroDay, posted an April 2, 2020 article to ZDNet, explaing how this new malware works and what it does.

Mr. Cimpuna writes that “with the help of the infosec community, ZDNet has identified at least five malware strains, some distributed in the wild, while others appear to have been created as tests, or jokes. The common theme among all four samples,” he adds, “is that they use a coronavirus-theme; and they’re geared towards destruction rather than financial gain.”

MBR-Rewriting Malware

“Of the four malware samples found by security researchers this past month, the most advanced were the two samples that rewrote the master-boot-record (MBR) sectors,” Mr. Cimpanu wrote. “Some advanced technological knowledge was needed to create these strains, as tinkering with a master-boot-record is no easy task,” he explains, “and could easily result in systems that do not boot at all.”

“The first of the MBR-rewriters was discovered by a security researcher that goes by the name, MalwareHunterTeam, and detailed on a blog named SonicWall this week,” Mr. Cimpanu wrote. “Using the name COVID-19 exe, this malware infects a computer and has two infection stages. In the first phase, it just shows an annoying window that users can’t close because the malware has also disabled the Windows Task Manager. While the user attempts to deal with the window, the malware is silently rewriting the computer’s master-boot-record,” without the user knowing. Once this task is completed, the malware “restarts the computer, with the newly implanted MBR, blocking the user from operating the PC and locking them into a pre-boot screen,” Mr. Cimpuna explained. “Users can eventually regain access to their computer; but, they’ll need special apps that can be used to recover and rebuild the MBR into a working state.”

Other coronavirus malware, masquerading as coronavirus updates, etc., steals passwords and other sensitive personal data. And, with the majority of us working from home during this pandemic — the malware could also steal corporate data — if your PC is successfully breached.

Cyber thieves are also promoting fake apps that appear legitimate and propose to provide the user with updates on the coronavirus; but, are in fact a Trojan Horse, designed to steal passwords, data, and even watch/listen to you — through the use of the camera and microphone on your cellphone.

This malware is readily available for sale on the DarkWeb, and enables a less sophisticated cyber hacker/thief to leapfrog into this domain — without having to be an elite hacker.

The bottom line is that hackers and the darker digital angles of our nature are using this pandemic as an opportunity to take advantage of the millions of people who are working and accessing their work/corporate networks from their homes. The individuals employing this malware are probably not part of a nation-state effort; but, China, Russia, Iran and North Korea are most certainly using the cover of the pandemic as an opportunity to steal whatever they can. There is no indication that any of this malware can be used as a remote/clandestine stay-behind in your network; but, someone out there is no doubt working on it.

The best approach, if you want an update on the coronavirus — is not to click on an app or link unless you absolutely know it is legitimate. The CDC has an app and Johns Hopkins University also has a daily update you can get digitally if you go to their website and request it. Otherwise, DO NOT click on any link you do not recognize — that purports to provide coronavirus updates or information. I also suspect that these same thieves will also try and piggyback on the government stimulus and low-interest loans — that are offered over the Internet. As always, do not trust and verify first. RCP, fortunascorner.com

No comments:

Post a Comment