StoneDrill Wiper Malware Moving To European Targets

Kaspersky researchers have discovered sophisticated malware which can wipe everything on a targeted computer and has been used in European and Middle Easter target.

The malware dubbed StoneDrill appears to be an evolution of the Shamoon malware, which was used to take down 35,000 computers used by an oil and gas company operating in the Middle East in 2012.

As ‘wiper malware’ StoneDrill is particularly dangerous as not only can it destroy everything on computer systems, but it also contains sophisticated espionage tools and employs anti-detection techniques.

StoneDrill wiper malware

While Kaspersky’s researchers do not currently know how StoneDrill is spread, they know it can lurk in the memory process of the user’s browser on an infected machine. From there it can avoid detection by tricking malware detection tool through advanced anti-emulation techniques and then star destroying the files on the targeted machine.

It effectively destroys computers by overwriting the physical and logical disk drives in a machine with random numbers which makes their original information impossible to recover and renders the targeted machine useless.

StoneDrill also contains a backdoor module which leaves a targeted machine open to malicious actors that have the scope to use one of four command and control servers the module links to, which would suggest that the malware can be used for espionage and data stealing activities as well as devastating wipe attacks.

By operating in the browser and at a file level, StoneDrill does not need to use disk drivers to install itself on a target machine, which also makes it difficult to detect.

Further adding to StoneDrill’s malware payload is a ransomware module designed to encrypt files on a targeted machine.

While StoneDrill contains Persian language resource sections and has been aimed at Middle Eastern targets, Kaspersky’s researchers suggest attacks could spread further afield after an attack was detected in Europe.

“The discovery of the StoneDrill wiper in Europe is a significant sign that the group is expanding its destructive attacks outside the Middle East. The target for the attack appears to be a large corporation with a wide area of activity in the petro-chemical sector, with no apparent connection or interest in Saudi Arabia,” said Kaspersky’s researchers.

The current impact of StoneDrill is unknown, but the potential of wiper malware to wreak havoc has been seen before, and unless organisations and security firms an take action to block StoneDrill, there is scope for it to have a significant impact.

Are you a security guru? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Google Unveils Next Gen AI Gemini 2.0

Amid a potential breakup threat from US authorities, Google releases next generation of its AI…

49 mins ago

Supreme Court Permits Nvidia Investor Lawsuit To Proceed

Setback for Nvidia after Supreme Court rules class-action lawsuit against AI chip giant for misleading…

15 hours ago

TikTok Files Challenge Against Canadian Shutdown Order

Notice filed in federal court to challenge Canadian government order to shutdown TikTok's Canada's operations

17 hours ago

Apple Intelligence Launches In UK, Siri Integrated With ChatGPT

Users of the iPhone 15 and later in the UK can now experience Apple Intelligence,…

18 hours ago

US Awards Micron $6.1 Billion From US Chips Act

Biden administration awards $6.1 billion subsidy from US Chips Act for Micron's Idaho and and…

20 hours ago

California Mulls Health Warnings For Social Media Sites

Bill (if passed) could see California become the first US state to require mental health…

23 hours ago