Microsoft announced the discovery of new malware, GigaWiper, which is capable of not only spying on users but also permanently destroying computer data, according to PCWorld, citing Microsoft Threat Intelligence.
According to company specialists, the new malware's activity was first detected as early as October 2025. However, Microsoft only now revealed details about its capabilities.
According to experts, GigaWiper is a multifunctional malware. It can directly access the hard drive, delete partition information, and repeatedly overwrite data. After this, the computer reboots, making file recovery using standard tools virtually impossible.
In addition, the program can take screenshots, record what is happening on the display, remotely control the computer, collect system information, modify the Windows registry, and delete event logs, hiding traces of its activities.
Experts also reported that GigaWiper can encrypt files, assigning them the .candy extension. However, unlike typical ransomware, this data is impossible to recover, as the encryption keys are randomly generated and not stored anywhere.
To gain a foothold in the system, the malware creates a task in Windows Task Scheduler called OneDrive Update, disguising itself as a regular software update.
GigaWiper uses RabbitMQ and Redis services to communicate with attacker servers, which, according to Microsoft, makes it difficult to detect its network activity on corporate networks.
Additionally, experts have determined that the malware combines components of several previously known programs, including the Crucio ransomware and the FlockWiper wiper.
According to Microsoft, GigaWiper is currently used primarily in targeted attacks against organizations and large companies. There are no signs yet of its widespread distribution among home Windows users.
The company recommends regularly updating your Windows operating system and antivirus software, not opening suspicious email attachments, and backing up important data.
Additionally, Microsoft advises organizations to use advanced cyberattack detection tools, monitor suspicious tasks in Windows Task Scheduler, and pay attention to unusual network connections.




































