GigaWiper Can Destroy Data and Take Remote Control of Your PC

Author: Qoo Media

GigaWiper is a destructive backdoor that can give attackers full control of an infected computer while retaining the ability to erase its data. Its operators can trigger destructive commands at any time after the malware has reached a victim’s system.

The threat goes beyond conventional data-wiping malware because it combines remote access, surveillance, and several destructive routines. Microsoft Threat Intelligence identified GigaWiper as a new threat built from components associated with different malware families.

Microsoft Threat Intelligence first detected GigaWiper in October 2025. Written in the Go programming language, the malware can target local storage drives, files, and logical partitions on compromised devices.

Once it receives instructions from an attacker-controlled command-and-control, or C2, server, GigaWiper can execute 20 different remote commands. These commands include capturing screenshots, recording video, and streaming the victim’s screen to the attacker.

The malware can also provide remote control over a victim’s keyboard and mouse. This capability allows an attacker to interact with the compromised machine from a distance.

Surveillance and System Manipulation

GigaWiper uses TCP-based streaming for its screen-streaming capability. To make that activity less visible, it can create a dedicated exception in Windows Firewall.

The malware is also able to collect detailed information about the victim’s machine. It can manipulate software processes, delete activity logs, and alter the system registry.

Module Method Potential Effect
Standalone wiper Overwrites storage in raw mode Targets data at the physical disk level
Fake ransomware Derived from Crucio Encrypts files without retaining a decryption key
System-drive wiper Uses FlockWiper logic Deletes the Windows operating system drive through layered cleaning

Three Paths to Data Destruction

The standalone wiper overwrites hard-disk data in raw mode rather than merely working with file or partition metadata. That approach operates directly at the physical disk level.

Another component acts like ransomware and is derived from the Crucio malware family. It encrypts files but never stores a decryption key, making the locked data impossible to recover.

A third module adopts logic from FlockWiper. It is designed to remove a Windows operating system drive completely through a layered cleaning process.

Microsoft describes GigaWiper as a “Frankenstein” malware creation because it is assembled from at least three separate malware families. Its code analysis found links to Crucio and FlockWiper through execution flows, function names, and matching data strings.

Microsoft also identified a third component called CutBrooch. The component is believed to serve as the core of GigaWiper’s standalone wiping module.

Recommended Protection Steps

Microsoft urged users and organizations to enable Tamper Protection in Windows Defender. The setting is intended to help protect security controls from unauthorized changes.

Cloud-based protection should also be enabled to help address rapidly evolving cyber threats. This can provide protection before local antivirus databases have been updated.

Source: inet.detik.com
Latest