Industry observers note that the malware, known as GigaWiper, combines several destructive functions with a powerful backdoor for attackers. Microsoft has discovered a fresh piece of malware that not only spies on data but also renders entire systems unusable.
The report highlights that the recently published analysis reveals the full extent of the malware’s capabilities. Security researchers at Microsoft Threat Intelligence first detected the activity back in October 2025.
In a fresh development, other security researchers are also tracking the malware under the name BlueRabbit. According to the report, GigaWiper isn’t a traditional wiper malware with a single purpose—it’s far worse.
As part of the ongoing story, unlike ordinary malware, it doesn’t simply delete individual files but directly accesses the physical drives. One of the most dangerous aspects of GigaWiper is its ability to overwrite hard drives at a low level.
Industry observers note that once the destructive operation is complete, the computer restarts and the data that was once stored on it is made no longer accessible in the usual way. In doing so, GigaWiper can remove partition entries and overwrite the contents of storage media.
As part of the ongoing story, gigaWiper encrypts files and appends the .candy extension to them. However, this isn’t a classic extortion attack—the decryption keys are generated at random and not stored, so recovery is technically impossible. Another function masquerades as ransomware.
Industry observers note that another destructive function of GigaWiper overwrites the Windows system drive multiple times with various data patterns, making recovery even more difficult.
As part of the ongoing story, microsoft describes GigaWiper as a backdoor through which attackers can gain permanent access to infected systems. However, this malware isn’t limited to destruction of data.
Industry observers note that this allows attackers to first gather information about a system or take control of it before triggering its destructive activity.
The report highlights that this task is named “OneDrive Revision” and runs regularly—easy to overlook if you aren’t paying attention. According to Microsoft, GigaWiper sets up a scheduled task in the Windows Task Scheduler to ensure it remains on affected computers for as long as possible.
As part of the ongoing story, the malware also uses RabbitMQ and Redis to communicate with command-and-control servers, making the connections harder to detect in corporate networks where these services are already in use.
In a fresh development, microsoft found that several older malware components were integrated into it. A distinctive capability of GigaWiper is its structure.
According to the latest update, another component is based on FlockWiper, an older wiper malware strain. The attackers have integrated these functions into a fresh backdoor developed in the Go programming language. Some of the functions originate from Crucio, a ransomware strain previously analyzed.
In a fresh development, this allows attackers to decide whether to take control of systems, manipulate data, and/or trigger complete destruction.
The report highlights that there’s currently no evidence of widespread distribution among home Windows users. Based on current findings, GigaWiper is primarily used for targeted attacks against organizations and corporations.
The report highlights that so, for home users, traditional security measures remain crucial: Windows and security programs should be kept up to date, and unsolicited attachments and apps should never be opened. The malware works by first gaining access to a system, which is then controlled by attackers.
As part of the ongoing story, according to Microsoft, businesses should enable protective functions such as tamper protection for security programs, deploy modern attack detection systems, and monitor suspicious activity like unusual tasks in the Windows Task Scheduler or unexpected network connections.
According to the latest update, these should be stored in a separate location from the PC, as only an independent data backup can help with recovery in the showcase of a genuine wiper attack. Regular backups are important, too.
Industry observers note that to learn more, see our comparison of Windows 11 Home and Pro. If you want to upgrade, snag it for cheap in the PCWorld Applications Store: now just $59 instead of $99. By the way: If you’re using Windows 11 Home, you’re missing out on the many benefits of Windows 11 Pro.
In a fresh development, this article originally appeared on our sister publication PC-WELT and was translated and localized from German.
According to the latest update, egal, ob Smartphones, Gadgets oder die neuesten Trends aus der Welt von Apple und Android – sie ist in beiden Welten zu Hause. Neben Technik widmet sie sich gerne Lifestyle-Themen, kulinarischen Entdeckungen sowie Filmen und Serien. Mit ihrer Begeisterung für moderne Technologien liefert sie gerne praxisnahe Tipps und spannende Einblicke, die den Alltag bereichern. Viviane Osswald ist freie Redakteurin und Tech-Enthusiastin mit einer besonderen Leidenschaft für Mobile-Tech.