In the context of e-learning applied in many countries since the outbreak of the pandemic COVID-19, The governments distribute the necessary equipment to students. Among them is the United Kingdom. However, some of the laptops distributed by the UK Department of Education (DfE) to students were found to be "infected" with malware, according to the BBC.
The devices are distributed free of charge by the government to support students who may not have access to distance education during the pandemic, including children and young people who do not have digital devices. smartphone or share a single device with other members of their family.
DfE also partnered with mobile network providers to give students free access data, so they can take distance lessons.
Teachers at Bradford Schools reported that some of the files found in Windows Laptops provided by the government were infected with malware, as it was discovered while preparing the devices for delivery to students.
The government in the UK has already delivered over 800.000 laptops and tablets so far in schools, academia and local authorities across the country. A ministry official said the following: "We know of a problem with a small number of devices and our priority is to resolve the issue as soon as possible. The IT teams of the Ministry communicate with those who have reported this issue. We believe that the security incident has not become widespread. "
Malware found on infected laptops is Gamarue (also known as Andromeda). It is a modular strain of malware known to be commonly used by Russia and other Eastern European countries. Gamarue is for sale at hacking forums and allows intruders to control compromised devices using a Teamviewer plugin. It also has support for keylogger, rootkit, Socks4 / 5 proxy server and formgrabber plugins that allow it to look at keystrokes, gain persistence and steal login data of a browser.
It can also modify computer settings, steal user information and documents. Computers are usually infected with Gamarue through previous infections, through exploitation kits when browsing compromised sites, and through malicious email attachments.
According to BleepingComputer, some variants of Gamarue have worm capabilities that allow malware to spread to other devices via infected removable devices, such as removable hard drives and USB.
When samples of this malware were first discovered in 2011, Gamarue was mainly used to transport many malware, including ransomware Petya, Troldesh and Cerber, Kasidet malware (also known as Neutrino bot) used to DDoS attacks, the Lethic spam bot, as well as Ursnif, Carberp and Fareit info-stealers.
Although Microsoft "hit" the Andromeda botnet, suppressing its servers, in a coordinated global operation with law enforcement and other partners in 2017, the malware continues to infect devices on a daily basis to this day.