Scary new malware can survive even if you erase and reinstall Windows

Cyberattacks these days are nothing to scoff at. In 2020 alone, we saw a huge spike in cybercrime — and with more businesses moving operations online, threats like ransomware and phishing will only get worse.

Thankfully, PC users have powerful tools to protect themselves. Some of the best anti-malware programs you can get are totally free to use.

Most security software can handle viruses and Trojans no problem. But researchers have found a new kind of Trojan that keeps reappearing no matter how many times you delete it. It’s so strong, in fact, that not even a full system reset can get rid of it.

Superbug or cyber weapon?

Tough malware calls for tough solutions — and one of the harshest things a person can do with an infected computer is to completely erase it. This means backing up files, reinstalling the operating system and starting over from scratch. It’s a time-consuming process, but it’s sometimes the only way to deal with certain viruses.

But a full reset may not be enough to stop a new strain of malware coming from China. Kaspersky Labs has detected a virus that attaches itself to Windows 10’s startup system. This makes it immune to full system wipes since the malware can’t be found on the hard drive like a normal file.

Instead, the newly discovered malware hides on a computer’s motherboard — which can’t be accessed by the operating system. It also creates a Trojan file called IntelUpdate.exe that reinstalls the malware if you try to remove it.

Once it’s on your system, it spies on your activity, scans for documents and sends them to an unknown host. Worst of all, it’s spread just like thousands of other viruses: through malicious email attachments.

Kaspersky concluded that state-sponsored hackers backed by China or North Korea are behind the malware. They found traces of the Chinese language in the program’s code, but all of the malware’s targets appeared to be enemies of the North Korean government.

In other words, this might not even be a run-of-the-mill virus but a state-sponsored cyberweapon.

What can I do if I get this malware on my computer?

If you’re nervous about this digital threat, you can take a deep breath and relax. So far, all of the victims appear to be diplomatic entities and NGOs in Africa, Asia, and Europe. Coincidentally, they all oppose North Korea.

Unless North Korea or China has a reason to spy on your computer, you’re probably safe. That said, this malware is another urgent reminder to be careful with emails you don’t recognize. If you get a message with an attachment, be doubly cautious.

Here are a few red flags to keep in mind the next time you check your email:

  • Ignore emails from unknown senders. If you don’t know who it’s coming from, there’s no reason to check it.
  • If an email comes from an unknown sender with an attachment, delete the email and do not open the attachment!
  • If you get an email from someone you do know that includes an attachment, confirm with the sender that they actually sent you the message. Hackers can easily spoof or hijack email addresses to impersonate people.

This malware is scary, no doubt — but it seems like it’s built more for spying than cyberattacks. Let’s just hope the hackers behind it don’t try to mix its code with ransomware to create something much worse.
