Virus that can completely destroy a computer detected
Tengrinews.kz — Microsoft has discovered new malicious software called GigaWiper, which is capable not only of spying on users but also of permanently destroying data on a computer, citing PCWorld.
According to Microsoft Threat Intelligence specialists, activity linked to the new virus was first detected back in October 2025. However, the company has only now disclosed details of how it works.
GigaWiper can completely destroy a computer
Microsoft said GigaWiper is not an ordinary virus, but multifunctional malware. The program can directly access the hard drive, delete information about its partitions and repeatedly overwrite data. After that, the computer restarts, and restoring files using standard methods becomes almost impossible.
In addition, the virus can:
take screenshots;record what is happening on the screen;remotely control the computer;collect system information;modify the Windows registry;delete event logs, hiding traces of its activity.
GigaWiper can also encrypt files, assigning them the .candy extension. However, unlike ordinary ransomware, such data cannot be restored because the encryption keys are generated randomly and are not stored anywhere.
How the virus hides
To establish persistence in the system, the malware creates a task in Windows Task Scheduler called OneDrive Update, disguising itself as a regular update.
To communicate with attackers’ servers, GigaWiper uses RabbitMQ and Redis services, making its network activity harder to detect in corporate networks.
According to Microsoft, the virus also combines components of several previously known malware programs, including the Crucio ransomware and the FlockWiper wiper virus.
Who is at risk
According to Microsoft, GigaWiper is currently used mainly in targeted attacks against organizations and large companies. There are currently no signs of mass distribution among home Windows users.
Nevertheless, experts recommend regularly updating Windows and antivirus software, avoiding suspicious attachments and using data backups.
Microsoft also advises companies to use modern cyberattack detection tools and monitor suspicious tasks in Windows Task Scheduler, as well as unusual network connections.