Wiper: Japanese Olympic-themed malware was detected on Wednesday (21) by a Japanese security company. The malicious software, called Wiper, mainly deletes files from infected systems and focuses on Japanese PCs. Coincidentally, the discovery took place just before the opening ceremony of the Olympics, scheduled for Friday (23).
According to Mitsui Bussan Secure Directions (MBSD), Wiper does not delete files indiscriminately, but only personal documents stored in “C: / Users / / “. Microsoft Office files are not the only ones affected: files with TXT, LOG and CSV extensions, which store logs, databases or passwords, are deleted as well.
The malware also deletes files with other extensions, such as DOTM, DOTX, PDF, CSV, XLS, XLSX, XLSM, PPT, PPTX, PPTM, JTDC, JTTC, JTD, JTT, TXT, EXE and LOG. What caught the researchers’ attention was that the targets include files created by the Ichitaro word processor, used mainly in Japan, which suggests that Wiper is aimed only at computers in the country.
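The deletion pattern described above (one process removing many personal documents of several targeted types from a user profile in a short time) can be checked for in file-deletion telemetry. The following Python code is an added example, not code from MBSD or from the original article; the event tuple format, the thresholds and the process names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions the article lists as deletion targets.
TARGET_EXTS = {".dotm", ".dotx", ".pdf", ".csv", ".xls", ".xlsx", ".xlsm", ".ppt",
               ".pptx", ".pptm", ".jtdc", ".jttc", ".jtd", ".jtt", ".txt", ".exe", ".log"}

def targeted_ext(path):
    """Return the lowercased extension if path is a targeted file under C:\\Users\\<profile>\\, else None."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]
    in_profile = len(parts) >= 4 and parts[0] == "c:\\" and parts[1] == "users"
    ext = p.suffix.lower()
    return ext if in_profile and ext in TARGET_EXTS else None

def find_wiper_like(events, window=10.0, min_files=5, min_exts=3):
    """Map process image -> largest burst size, for processes deleting at least
    min_files targeted files of at least min_exts extensions within window seconds."""
    per_proc = defaultdict(list)
    for ts, image, path in sorted(events):
        ext = targeted_ext(path)
        if ext:
            per_proc[image].append((ts, ext))
    flagged = {}
    for image, dels in per_proc.items():
        start = 0
        for end in range(len(dels)):
            # Slide the window start forward until the burst fits in `window` seconds.
            while dels[end][0] - dels[start][0] > window:
                start += 1
            burst = dels[start:end + 1]
            if len(burst) >= min_files and len({e for _, e in burst}) >= min_exts:
                flagged[image] = max(flagged.get(image, 0), len(burst))
    return flagged

# Constructed sample events: (seconds, deleting process image, deleted path).
DOCS = "C:\\Users\\taro\\Documents\\"
SUSPECT = "C:\\Users\\taro\\Downloads\\sample.exe"   # hypothetical name
EDITOR = "C:\\Program Files\\Editor\\editor.exe"     # hypothetical name
CLEANER = "C:\\Windows\\System32\\cleaner.exe"       # hypothetical name
SAMPLE_EVENTS = (
    [(i * 0.5, SUSPECT, DOCS + n) for i, n in enumerate(
        ["plan.jtd", "budget.xlsx", "scan.pdf", "notes.txt", "app.log", "deck.pptx"])]
    + [(i * 0.5, EDITOR, DOCS + f"tmp{i}.txt") for i in range(6)]            # one extension only
    + [(i * 0.5, CLEANER, f"C:\\Windows\\Temp\\t{i}.log") for i in range(8)]  # outside C:\Users
)

if __name__ == "__main__":
    print(find_wiper_like(SAMPLE_EVENTS))
```

Requiring several distinct extensions keeps ordinary temp-file cleanup by a single application from triggering the rule; the thresholds need tuning against real telemetry.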
Wiper hides on adult websites
Analysis of Wiper revealed some interesting features for evading detection, including anti-analysis and anti-VM checks (it doesn’t run inside a virtual machine). Among the disguises, one of the most curious is that the malware uses the cURL (Client URL) utility to access pages of the XVideos adult video portal while it runs.
According to the MBSD team, this technique is intended to deceive investigators into believing that the user acquired the virus while accessing pornographic sites. In fact, Wiper is a Windows executable file disguised as a PDF, with the name: “[Urgent] Damage report related to the occurrence of cyber attacks, etc. associated with Tokyo Olympics.exe”.