GigaWiper Combines Multiple Malware for System-Level Sabotage

https://www.securityweek.com/wp-content/uploads/2025/11/malware.jpeg

For over eight months, a threat actor has been using a destructive backdoor and wiper that has multiple system-level sabotage capabilities, Microsoft reports.

Dubbed GigaWiper, the malware is a sophisticated Go-based backdoor that consists of multiple malware families and robust command-and-control (C&C) capabilities.

According to Microsoft, the malware in GigaWiper was folded in the form of on-demand backdoor commands, allowing the attacker to execute a standalone wiper, a ransomware-like encryption command, and a wiping command that performs multiple erase passes.

“The consolidation of multiple destructive capabilities into a modular backdoor reflects a notable shift in wiper malware, which is typically designed purely to destroy rather than to extort and carry real-world consequences,” Microsoft notes.

First observed in October 2025, GigaWiper contains a wiper that operates at the physical disk level. It enumerates drives using Windows Management Instrumentation (WMI) to identify the Windows partition, removes partition references from non-Windows drives,...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

Read more