This new Windows malware can take over your PC and wipe it clean
Strategic summary
The research report describes 'GigaWiper', a modular Windows backdoor written in Golang that combines remote access, espionage, and multiple data destruction methods. The malware leverages components from earlier tools like Crucio ransomware and FlockWiper, and can, among other things, overwrite raw disks, irreversibly encrypt files, and record the desktop. It establishes persistence via a scheduled task named 'OneDrive Update'. The best defense is preventing initial compromise and detecting malicious activity early.
Key findings
- GigaWiper is a modular backdoor with approximately 20 commands, including functions for data destruction, remote monitoring, and system manipulation.
- The malware disguises data destruction as ransomware (Crucio), but discards the key, making recovery impossible.
- For persistence, GigaWiper creates a scheduled task 'OneDrive Update' that runs every minute and at startup.
- The command-and-control servers were identified at IPs 185.182.193.21 and 212.8.248.104.
- Prevention requires blocking the initial intrusion and monitoring for suspicious tasks and network connections.
Relevance for you
GigaWiper is a modular Golang backdoor observed in intrusions since October 2025, combining multiple wiper functions with C2 and remote access capabilities in a single operational framework.
Risk score
- cvss base
- 45.00
- kev bonus
- 0.00
- epss bonus
- 0.00
- poc bonus
- 0.00
- raw before weight
- 45.00
- industry weight
- 1.21
- freshness factor
- 1.00
- exploitability factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
- consensus penalty
- -3.00
Path: operational
Consensus check
The pipeline self-checks before delivery. These rules lowered the score:
-
TTP_SKIPPEDTTP mapping skipped (placeholder or aggregation article) −3
- Consensus penalty:
- −3.0
- Total penalty:
- −3.0