Monday, January 25, 21:16
Home security New COVID-19 malware deletes files and affects your PC's MBR

New COVID-19 malware deletes files and affects your PC's MBR

COVID-19 malware

His pandemic COVID-19 has caused many problems around the world. The most important of them is health and economy. However, we must not forget the malicious ones hackers, finding an opportunity to do so attacks, now that there is this general concern. There are, for example, some software that have been named COVID-19 malwareAnd destroy them systems, either deleting files either making its master boot record (MBR) inaccessible computer.

At least five different COVID-19 malware have been detected. Some have already been used and infected users, while others appear to have been created solely for testing or for fun.

The common element of all these malware is that they are related to COVID-19 and aim more at system destruction and less at profit.

MBR-rewriting malware

Some of the most dangerous COVID-19 malware detected last month are two that make the computer's master boot record (MBR) inaccessible.

Advanced technical knowledge was definitely needed to create these COVID-19 malware.

The first MBR rewriter was discovered by a researcher security and is detailed in one reference by Sonicall. The malware has the name COVID-19.exe and infects a computer two stages.

In the first stage, just an annoying window appears, which the users cannot be shut down because COVID-19 malware already exists disable Windows Task Manager.

COVID-19 malware

While users are dealing with this annoying window, the malicious program silently affects the MBR. It then restarts the computer and starts the new MBR, blocking them users on a pre-boot screen.

Users will eventually be able to regain access to their computers, but will need special applications to recover MBR.


Another similar malware, which is even more sophisticated, is said to be “CoronaVirus ransomware". The main function of this COVID-19 malware is to steal passwords from an infected computer and then to imitate the ransomware to deceive the user and fulfill his real purpose.

In fact, it is not ransomware. It just appears as ransomware. Once the theft procedures are completed data, malware enters a phase where it affects the MBR and blocks users in a ransomware message, preventing access to computers their. Users see a ransom note and then find that they cannot access their computers. So the last thing they think about is to check if someone stole the passwords from their applications.


According to the security researcher Vitali Kremez, malware also contained code that allowed files to be deleted. However, it was not active in the samples analyzed.

Clear data

However, the researchers security have identified others COVID-19 malware, specializing in data deletion.

The first was identified in February. The malicious file name is written in Chinese and is probably intended for Chinese users. It is not known whether attacks have been carried out or simple tests are being carried out.

The second was discovered yesterday. He went to VirusTotal from someone in Italy.

Researchers believe the two malware are not very effective, as they have errors and use time-consuming procedures to delete files in infected systems. However, if used in attacks, they can "do their job".


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


Russia: "US may be planning retaliation for SolarWinds hack"!

The Russian government warns the country's organizations about possible cyber attacks that the US may carry out, as "retaliation" for the hack ...

iPhone: How to see which apps have access to your contacts

Some iPhone privacy issues go deeper than accessing your contacts list, which exposes your contacts to ...

COVID-19: Google makes vaccination clinics available

Google CEO Sundar Pichai said Monday that the company will make its facilities available to become clinics ...

Netflix offers "studio quality" audio upgrade on Android

Do not be surprised if Netflix sounds better the next time you run a marathon with rows on your Android phone ...

Will Bitcoin return to $ 40.000? There is concern!

Bitcoin lovers who take his return above the level of $ 40.000 for granted have been worried because the demand ...

Avaddon ransomware: Its operators threaten with DDoS attacks to get ransom!

Lately, more and more ransomware gangs tend to threaten their targets with DDoS attacks in order to secure profits ....

Volunteer firefighters will be trained through VR simulation

Volunteer firefighters in the Australian state of Victoria will soon have access to the virtual reality (VR) training that will be available in ...

Tesla: Accuses its former employee of stealing her confidential data!

On January 23, Tesla sued former employee Alex Khatilov for stealing 26.000 confidential documents, including trade secrets. The software ...

SpaceX launched 143 satellites simultaneously

SpaceX broke every record with its last spacecraft mission into orbit. The company successfully launched the Transporter-1 mission ...

Sony may resurrect the Xperia Compact to compete with Apple

Have you seen the iPhone 12 mini and wish there was an Android equivalent to this small but powerful smartphone? Can the desire ...