Have You Heard of The COVID-19 Malware? Here’s How to Protect Your PC

We’re all worried about the ongoing threat of COVID-19. With the recent shelter-in-place orders across the country, we’re all becoming more dependent on our computers for work, school, and entertainment.

Now, we might have to watch out for another virus: COVID-19 themed malware is now attacking computers, and it’s important to keep yourself, and your computer, safe. 

What’s the Motivation?

Most malware creators are motivated by money. Some malware will sniff out your sensitive information to sell, and other programs, known as ransomware, will take your computer or important files hostage and demand payment in untraceable cryptocurrency. 

Though that is certainly the motivation beyond some of this new wave of malware, not all of them are set on financial gain. Some of this malware is geared towards destruction, power, and generating more fear.

It’s important to stay safe from these viruses and avoid giving the hackers what they want. Here’s what you need to look for if you suspect you’ve been hit by COVID-19 malware.

MBR-Rewriting Malware

The Master Boot Record (MBR) is a part of your computer’s software that identifies the operating system and boots it up so you can use your computer. MBR-Rewriting malware is a very sophisticated virus. It targets and rewrites your MBR in two steps.

This virus, called COVID-19.exe, starts by showing an annoying window which can’t be closed. While you’re trying to get rid of this window, the virus is rewriting your MBR.

Eventually, it restarts your computer and blocks you with a pre-boot screen. You’ll need special software to regain control of your computer when this virus kicks in. 

A second MBR-rewriting malware poses as ransomware, but its actual purpose is, again, rewriting your MBR and blocking access to your computer.

This virus, called “Coronavirus ransomware”, will steal passwords from infected computers and function the same way as COVID-19.exe, but the pre-boot screen will ask the computer user to send money to a bitcoin account. This is just a trick, as the actual purpose is the same as COVID-19.exe. 

As with any ransomware, do not send any money to the bitcoin account listed on the pre-boot screen. There’s no guarantee you’ll get your information back, and the transaction will be untraceable and impossible to prove to law enforcement.

Data Wipers

Data wipers are a kind of malware with the goal of wiping all data from the hard drive of infected computers. Two COVID-19 themed data wipers have been spotted.

The first one was found in February with a Chinese file name. This one probably targeted Chinese computers, but it isn’t confirmed whether the virus also targeted other computers. 

The second one was identified on April 1st by a user in Italy. These data wipers are particularly bad at their goals due to error-filled coding, but they’re still worth watching out for.