A COVID-19 malware is out there that can wipe your PC and rewrite your MBR

The COVID-19-themed malware was discovered by researchers, and it can really destroy your computer.

The COVID-19 outbreak has given birth to a lot of things in the world today. The pandemic has given malware developers the idea of COVID-19-themed malware that infects PCs and then wipes your files and, in some cases, rewrites the computer's master boot record (MBR).

Usually, this type of malware is designed for financial gain. But not this time: it's mainly for the destruction of data.

The first of the MBR-rewriters was discovered by a security researcher that goes by the name of MalwareHunterTeam, and detailed in a report from SonicWall this week. Using the name of COVID-19.exe, this malware infects a computer and has two infection stages.

In the first phase, it just shows an annoying window that users can’t close because the malware has also disabled the Windows Task Manager.

Image: SonicWall

As users try to close this window, the malware is doing something in the background: it's discreetly writing to your computer's MBR. Suddenly your PC restarts, and the rewritten MBR kicks in, blocking you with a pre-boot screen.

Users can eventually regain access to their computers, but they’ll need special apps that can be used to recover and rebuild the MBR to a working state.

Image: SonicWall
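
To show how a defender could spot this kind of MBR overwrite before the reboot, here is an added example in Python; it is not code from SonicWall's report or from the malware. It assumes sector 0 of the disk has already been captured as 512 bytes and that a baseline was recorded while the machine was clean; all function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)          # bootstrap code area of a classic MBR
PARTITION_TABLE = slice(446, 510)  # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"       # last two bytes of a valid MBR


def fingerprint(sector: bytes) -> dict:
    """Hash the boot code and the partition table separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    return {
        "boot_code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "partition_table": hashlib.sha256(sector[PARTITION_TABLE]).hexdigest(),
    }


def parse_partitions(sector: bytes) -> list:
    """Return the non-empty partition entries (type byte != 0)."""
    entries = []
    for slot in range(4):
        raw = sector[446 + 16 * slot:446 + 16 * (slot + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0:
            entries.append({"slot": slot, "bootable": status == 0x80,
                            "type": ptype, "lba_start": lba_start, "sectors": count})
    return entries


def check_mbr(sector: bytes, baseline: dict) -> list:
    """List the ways a captured sector 0 deviates from the clean baseline."""
    current = fingerprint(sector)
    findings = [f"{region} changed" for region in baseline
                if current[region] != baseline[region]]
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature missing")
    if not parse_partitions(sector):
        findings.append("no partitions defined")
    return findings


# Constructed sample sectors, not taken from any real disk or malware sample.
def make_sample(boot_code: bytes) -> bytes:
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)  # one bootable entry
    return boot_code.ljust(446, b"\x00") + entry.ljust(64, b"\x00") + BOOT_SIGNATURE


CLEAN = make_sample(b"constructed original boot code")
OVERWRITTEN = make_sample(b"constructed replacement boot code")
```

Hashing the boot code and the partition table separately lets the check distinguish a replaced bootstrap from a legitimate repartitioning, and a saved copy of the clean sector doubles as the input for the recovery tools mentioned above.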

But there was a second coronavirus-themed malware strain that re-wrote the MBR. This one is a far more convoluted malware operation.

It’s called the “CoronaVirus ransomware”, but that was just a facade. What the malware really does is steal passwords from your PC, and it tricks you in order to mask its purpose.

However, it wasn’t ransomware either. It only posed as one. Once the data-stealing operations ended, the malware entered a phase where it rewrote the MBR and locked users at a pre-boot message, preventing access to their PCs. With users seeing ransom notes and then not being able to access their PCs, the last thing they would think to do is check whether someone had exfiltrated passwords from their apps.
