- Microsoft warns of ‘GigaWiper,’ a destructive malware attributed to the Iranian group CyberAv3ngers that combines several variants into one
- It can wipe drives, encrypt files with fake ransomware extension or overwrite Windows partitions, all while spying via screenshots, VNC sessions and stealing system data.
- The malware hides under fake OneDrive tasks and registry keys, showing both spying and sabotage capabilities without any recovery path for victims’ data.
Microsoft is warning about a new malware called GigaWiper, which can spy on users’ computers and then destroy them entirely, in a variety of ways.
It was built by mixing different malware variants into one, and it appears to be the work of Iranian state-sponsored threat actors called CyberAv3ngers. The hackers also launched a cheeky little dig at Microsoft, via the malware’s obfuscation mechanism.
As Microsoft explained, GigaWiper can overwrite the physical disk and wipe the partition table, directly destroying the contents of the disk. It can also encrypt all files on the drive, add a .candy extension, and change the desktop wallpaper to display a warning. This ransomware approach does not share a ransom note or generate a decryption key. So there is nothing to pay and no way to decrypt the files: they are gone for good, simply giving victims false hope.
Spy on victims
Finally, the third method applies directly to the Windows drive, overwriting it several times with different data models.
In addition to destroying the disk, GigaWiper can also spy on its victims by taking screenshots, recording the screen, or opening a VNC session to stream someone else’s work or allow attackers to use the mouse and keyboard. The malware can also extract system data, manage programs and services, modify the registry, etc.
But the most insolent thing is the way he hides. It schedules a task called OneDrive Update and tracks it in a registry key called OneDriveEnvironment. The attackers may have assumed that no one was really paying attention to OneDrive and therefore the malware could remain invisible for longer.
Speaking of the attackers, Microsoft isn’t naming them, but most of the components assembled to form GigaWiper were previously attributed to CyberAv3ngers, a group linked to Iran’s Islamic Revolutionary Guard Corps.

The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.




