Skip to content
Auto-CTI
Back to all deep dives
MALWAREBYTES

This new Windows malware can take over your PC and wipe it clean

CRITICAL GigaWiper Windows backdoor destructive malware data wiper

Strategic summary

The research report describes 'GigaWiper', a modular Windows backdoor written in Golang that combines remote access, espionage, and multiple data destruction methods. The malware leverages components from earlier tools like Crucio ransomware and FlockWiper, and can, among other things, overwrite raw disks, irreversibly encrypt files, and record the desktop. It establishes persistence via a scheduled task named 'OneDrive Update'. The best defense is preventing initial compromise and detecting malicious activity early.

Key findings

  • GigaWiper is a modular backdoor with approximately 20 commands, including functions for data destruction, remote monitoring, and system manipulation.
  • The malware disguises data destruction as ransomware (Crucio), but discards the key, making recovery impossible.
  • For persistence, GigaWiper creates a scheduled task 'OneDrive Update' that runs every minute and at startup.
  • The command-and-control servers were identified at IPs 185.182.193.21 and 212.8.248.104.
  • Prevention requires blocking the initial intrusion and monitoring for suspicious tasks and network connections.

Relevance for you

GigaWiper is a modular Golang backdoor observed in intrusions since October 2025, combining multiple wiper functions with C2 and remote access capabilities in a single operational framework.

Risk score

51
cvss base
45.00
kev bonus
0.00
epss bonus
0.00
poc bonus
0.00
raw before weight
45.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00
consensus penalty
-3.00

Path: operational

Consensus check

The pipeline self-checks before delivery. These rules lowered the score:

  • TTP_SKIPPED TTP mapping skipped (placeholder or aggregation article) −3
Consensus penalty:
−3.0
Total penalty:
−3.0
ESC