- Microsoft warns about “GigaWiper,” a destructive malware attributed to the Iranian group CyberAv3ngers that combines multiple variants into one
- It can wipe drives, encrypt files with a fake ransomware extension, or overwrite Windows partitions, while also spying on screenshots, VNC sessions, and stealing system data.
- The malware hides under fake OneDrive registry keys and tasks, exhibiting spying and sabotage capabilities without a recovery path for victims’ data.
Microsoft is warning about a new piece of malware called GigaWiper, which can spy on people’s computers and then completely destroy them, in different ways.
It was created by combining different malware variants into one, and appears to be the work of Iranian state-sponsored threat actors called CyberAv3ngers. The hackers also made a small blatant attack on Microsoft, through the malware’s obfuscation mechanism.
As Microsoft explained, GigaWiper can overwrite the physical drive and wipe the partition table, destroying the contents of the disk directly. You can also encrypt all files on the disk, add a .candy extension, and change the desktop wallpaper to display a warning. This ransomware approach does not share a ransom note and does not generate a decryption key, so there is nothing to pay and no way to decrypt the files; They disappear forever, they only give victims false hope.
Spy on victims
Finally, the third method goes directly to the Windows drive, overwriting it multiple times with different data patterns.
In addition to locking the disk, GigaWiper can also spy on its victims by taking screenshots, recording the screen, or opening a VNC session to stream someone else’s work or allow attackers to use the mouse and keyboard. Malware can also extract system data, manage programs and services, modify the registry, and more.
But the most blatant feature is how it is hidden. It schedules a task called OneDrive Update and tracks itself to a registry key called OneDriveEnvironment. Perhaps the attackers assumed that no one pays attention to OneDrive and therefore the malware could stay out of sight longer.
Speaking of the attackers, Microsoft doesn’t name them, but most of the components combined to form GigaWiper were previously attributed to CyberAv3ngers, a group linked to Iran’s Islamic Revolutionary Guard Corps.

The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.




