StoneDrill Wiper Malware Moving To European Targets

Roland Moore-Colyer,
Christmas bomb security breach malware © leonello calvetti Shutterstock

Shamoon malware appears to have evolved into a browser-lurking cyber threat

Kaspersky researchers have discovered sophisticated malware which can wipe everything on a targeted computer and has been used in European and Middle Easter target.

The malware dubbed StoneDrill appears to be an evolution of the Shamoon malware, which was used to take down 35,000 computers used by an oil and gas company operating in the Middle East in 2012.

As ‘wiper malware’ StoneDrill is particularly dangerous as not only can it destroy everything on computer systems, but it also contains sophisticated espionage tools and employs anti-detection techniques.

StoneDrill wiper malware

Smartphone, drill © Alex Ionas, Shutterstock 2014While Kaspersky’s researchers do not currently know how StoneDrill is spread, they know it can lurk in the memory process of the user’s browser on an infected machine. From there it can avoid detection by tricking malware detection tool through advanced anti-emulation techniques and then star destroying the files on the targeted machine.

It effectively destroys computers by overwriting the physical and logical disk drives in a machine with random numbers which makes their original information impossible to recover and renders the targeted machine useless.

StoneDrill also contains a backdoor module which leaves a targeted machine open to malicious actors that have the scope to use one of four command and control servers the module links to, which would suggest that the malware can be used for espionage and data stealing activities as well as devastating wipe attacks.

By operating in the browser and at a file level, StoneDrill does not need to use disk drivers to install itself on a target machine, which also makes it difficult to detect.

Further adding to StoneDrill’s malware payload is a ransomware module designed to encrypt files on a targeted machine.

While StoneDrill contains Persian language resource sections and has been aimed at Middle Eastern targets, Kaspersky’s researchers suggest attacks could spread further afield after an attack was detected in Europe.

“The discovery of the StoneDrill wiper in Europe is a significant sign that the group is expanding its destructive attacks outside the Middle East. The target for the attack appears to be a large corporation with a wide area of activity in the petro-chemical sector, with no apparent connection or interest in Saudi Arabia,” said Kaspersky’s researchers.

The current impact of StoneDrill is unknown, but the potential of wiper malware to wreak havoc has been seen before, and unless organisations and security firms an take action to block StoneDrill, there is scope for it to have a significant impact.

Are you a security guru? Try our quiz!