GigaWiper Combines Multiple Malware for System-Level Sabotage
GigaWiper is a sophisticated Go-based backdoor malware with multiple destructive capabilities, including a standalone wiper, ransomware-like encryption, and multi-pass wiping commands. It operates at the physical disk level, wiping drives and removing partition references, and supports extensive command-and-control functions such as executing commands, uploading files, and clearing logs. The malware consolidates multiple older malware components into a modular implant, enabling both espionage and destructive sabotage. It was first observed in October 2025 and is linked to the Crucio ransomware developer and shares code with FlockWiper. No specific affected software versions or patches are currently identified.
AI Analysis
Technical Summary
GigaWiper is a modular backdoor malware written in Go that combines multiple malware families and destructive capabilities into a single implant. It includes a physical disk-level wiper that enumerates drives via Windows Management Instrumentation (WMI), removes partition references, wipes drives with multiple erase passes, and reboots the system. The backdoor supports commands to execute destructive wiping, ransomware-like encryption with random keys, file encryption/decryption, and system sabotage such as triggering Blue Screen of Death (BSOD). It maintains persistence and command-and-control communication using RabbitMQ and Redis, and can perform various system management tasks including clearing Windows logs and running remote control servers. The malware consolidates older wiping malware code and is linked to the Crucio ransomware developer and FlockWiper. It enables attackers to flexibly conduct espionage or destructive operations on demand. No known exploits in the wild or patches have been reported.
Potential Impact
GigaWiper enables attackers to perform system-level sabotage by wiping physical drives, encrypting files destructively, and executing commands that can disrupt or destroy Windows installations. It can cause data loss through multi-pass wiping and ransomware-like encryption with unrecoverable keys. The malware also allows attackers to maintain persistent control over infected systems, execute arbitrary commands, clear logs, and remotely control the system, increasing the risk of prolonged compromise and operational disruption.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix is reported, organizations should monitor vendor advisories for updates. Mitigation should focus on detecting and preventing infection through endpoint protection, network monitoring for unusual RabbitMQ and Redis communications, and restricting execution of unauthorized binaries and scripts. Incident response should prioritize containment and recovery from destructive wiping and encryption.
GigaWiper Combines Multiple Malware for System-Level Sabotage
Description
GigaWiper is a sophisticated Go-based backdoor malware with multiple destructive capabilities, including a standalone wiper, ransomware-like encryption, and multi-pass wiping commands. It operates at the physical disk level, wiping drives and removing partition references, and supports extensive command-and-control functions such as executing commands, uploading files, and clearing logs. The malware consolidates multiple older malware components into a modular implant, enabling both espionage and destructive sabotage. It was first observed in October 2025 and is linked to the Crucio ransomware developer and shares code with FlockWiper. No specific affected software versions or patches are currently identified.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
GigaWiper is a modular backdoor malware written in Go that combines multiple malware families and destructive capabilities into a single implant. It includes a physical disk-level wiper that enumerates drives via Windows Management Instrumentation (WMI), removes partition references, wipes drives with multiple erase passes, and reboots the system. The backdoor supports commands to execute destructive wiping, ransomware-like encryption with random keys, file encryption/decryption, and system sabotage such as triggering Blue Screen of Death (BSOD). It maintains persistence and command-and-control communication using RabbitMQ and Redis, and can perform various system management tasks including clearing Windows logs and running remote control servers. The malware consolidates older wiping malware code and is linked to the Crucio ransomware developer and FlockWiper. It enables attackers to flexibly conduct espionage or destructive operations on demand. No known exploits in the wild or patches have been reported.
Potential Impact
GigaWiper enables attackers to perform system-level sabotage by wiping physical drives, encrypting files destructively, and executing commands that can disrupt or destroy Windows installations. It can cause data loss through multi-pass wiping and ransomware-like encryption with unrecoverable keys. The malware also allows attackers to maintain persistent control over infected systems, execute arbitrary commands, clear logs, and remotely control the system, increasing the risk of prolonged compromise and operational disruption.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix is reported, organizations should monitor vendor advisories for updates. Mitigation should focus on detecting and preventing infection through endpoint protection, network monitoring for unusual RabbitMQ and Redis communications, and restricting execution of unauthorized binaries and scripts. Incident response should prioritize containment and recovery from destructive wiping and encryption.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/gigawiper-combines-multiple-malware-for-system-level-sabotage/","fetched":true,"fetchedAt":"2026-07-10T09:17:33.195Z","wordCount":1122}
Threat ID: 6a50b8ad68715ace4355b565
Added to database: 07/10/2026, 09:17:33 UTC
Last enriched: 07/10/2026, 09:17:41 UTC
Last updated: 07/10/2026, 09:17:41 UTC
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.