The worldwide novel coronavirus (COVID-19) pandemic has everyone under lockdown. Internet usage has increased over the period, and malware infections are on the rise. Some malicious developers have created malware codenamed ‘COVID-19 malware’ that destroys infected systems, either by wiping files or by rewriting the computer’s master boot record (MBR).
With the help of the cybersecurity community, researchers have identified 5 strains of malware. Some are circulating in the wild, while others appear to exist solely as tests or jokes. All of them use a coronavirus theme, and all are built for destruction rather than economic gain.
COVID-19 malware has malicious MBR rewriting software
Out of the 4 samples of malware found by security researchers at Acronis last month, the most recent are the two samples that rewrote MBR sectors. The MBR (master boot record) is the first sector of the disk, which holds the bootstrap code and the partition table.
Some advanced technical knowledge was needed to create these varieties, since modifying a master boot record is not easy and can easily result in systems that are not fully bootable.
A new Windows ransomware has emerged that makes disks unusable by overwriting the master boot record (#MBR). It takes its cue from the COVID-19 pandemic, calling itself simply “#Coronavirus.” https://t.co/YiOoH46IvJ pic.twitter.com/QI9r2enU7o
— Gustavo Cols (@GustavoColsKL) April 2, 2020
The first of the MBR rewriters was discovered by a security researcher named MalwareHunterTeam and detailed in a SonicWall report this week. Named COVID-19.exe, or COVID-19 malware, it infects a computer in two stages.
In the first stage, it only shows an annoying window that users cannot close, because the malware has also disabled Windows Task Manager. In the later stage, all of the system's registries are rewritten and the PC’s file structure is completely destroyed.
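For defenders, an MBR overwrite of the kind described above can be caught by comparing sector 0 against a known-good copy. The following is an added example, not code from this article or from the reports it cites; it works on a 512-byte sector that has already been read from a disk or forensic image, and the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bootstrap code area; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # required at offsets 510-511

def parse_mbr(sector):
    """Summarise a 512-byte MBR: boot-code hash, signature check, partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0x00 marks an unused slot
            partitions.append((i, entry[0] == 0x80, entry[4], lba_start, sectors))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }

def compare_to_baseline(baseline, current):
    """Return findings describing how `current` differs from a known-good MBR."""
    good, now = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not now["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if now["boot_code_sha256"] != good["boot_code_sha256"]:
        findings.append("bootstrap code changed")
    if now["partitions"] != good["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample_mbr(boot_code, partition_entry=b""):
    """Constructed test sector, not a dump from any real disk or malware sample."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[PART_TABLE_OFF:PART_TABLE_OFF + len(partition_entry)] = partition_entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

# Constructed samples: a baseline with one bootable type-0x07 partition, then an overwrite.
NTFS_ENTRY = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 1_000_000)
BASELINE = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 100, NTFS_ENTRY)
OVERWRITTEN = build_sample_mbr(b"\xeb\xfe" + b"\x41" * 200)

if __name__ == "__main__":
    print(compare_to_baseline(BASELINE, BASELINE))
    print(compare_to_baseline(BASELINE, OVERWRITTEN))
```

Keeping the baseline copy off the monitored host matters here, since a wiper that can write sector 0 can also alter a baseline stored on the same disk.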
The usual Canada Revenue Agency phishing using "Canada Emergency Response Benefit" / "COVID-19 Financial Support" theme: https://envisioncm[.]com/COVID-REFMOB/
Added some screens here, but obviously there are more steps to get bank account details and etc…
@JayTHL @JAMESWT_MHT pic.twitter.com/F8Boqld9zM
— MalwareHunterTeam (@malwrhunterteam) April 1, 2020
It might seem strange for developers to create purely destructive malware, but this is not the first time. For every type of malware that security researchers discover, there is also one that was created as a joke, just for the sake of it. During the WannaCry ransomware outbreak in 2017, days after the original WannaCry ransomware encrypted computers around the world, there were countless clones doing the same for no apparent reason.