In the evil table caused by the coronavirus epidemic, we started to encounter coronavirus-based malware. Security researchers have discovered 4 new malware that uses the coronavirus theme.
While almost all the countries of the world are dealing with coronavirus, malware developers have started to use the panic atmosphere created by the epidemic. Developing coronavirus-based malware, developers are deleting files on computers or targeting a computer’s boot record, MBR.
Security researchers have discovered 4 new coronavirus-themed malware. All of these software use coronavirus theme and cause great damage to computers. Two of these softwares target MBR, which is the boot record, while the other two softwares were created to delete data on the computer.
The malware named COVID19.exe, discovered by its secure researcher named MalwareHunterTeam, follows two stages after being infected by the computer. At the first stage, the computer’s Windows Task Manager is disabled. As the user tries to open the Task Manager, the virus deletes the boot record of the computer in the background and replaces it. In this way, another screen appears before the boot screen at the boot of the computer.
Another malware targeting MBR is like a ransom application, but its main job is to steal the user’s passwords and data. In order for the user not to understand this, a message requesting money from the user is displayed in the foreground. Thus, the user whose data is stolen thinks that he is just facing a ransomware.
Security researchers found that when they examined the codes of the second malware, there was also a block of code to delete files on the computer. However, these codes were not active. In the second version of the virus, the data deletion feature seemed to be replaced by a functional screen lock.
Apart from the viruses that target the MBR, two malware have been discovered that have been developed to delete data. The first one came up with a Chinese filename. The Chinese file virus, which appeared in February, was directly targeting user data. The second data deletion application detected yesterday was uploaded to VirusPortal by someone in Italy.
Security researcher MalwareHunterTeam described the methods they used to delete files on the system they were infected as inefficient, error-prone, and time-consuming, as well as both types of malware.