{"id":372050,"date":"2026-07-10T12:36:00","date_gmt":"2026-07-10T19:36:00","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/en\/?p=372050"},"modified":"2026-07-10T12:36:41","modified_gmt":"2026-07-10T19:36:41","slug":"gigawiper-malware-surfaces-on-windows-pcs-it-can-spy-and-wipe","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/gigawiper-malware-surfaces-on-windows-pcs-it-can-spy-and-wipe\/","title":{"rendered":"GigaWiper malware surfaces on Windows PCs: it can spy and wipe"},"content":{"rendered":"<p class=\"wp-block-paragraph\">Microsoft first spotted GigaWiper in October 2025. It\u2019s a Windows malware strain that blends remote-access Trojan behavior with disk-wiping attacks.<\/p>\n<div class=\"sc-card-program\">\r\n  <div class=\"sc-card-program__body\">\r\n    <div class=\"sc-card-program__row clearfix\">\r\n      <div class=\"sc-card-program__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-program__img\" alt=\"Malwarebytes Anti-Malware\" src=\"https:\/\/images.sftcdn.net\/images\/t_app-icon-s\/p\/c4cf3a2e-99ea-11e6-8662-00163ec9f5fa\/94049179\/malwarebytes-anti-malware-logo\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-title\">\r\n        <span class=\"sc-card-program__title\">Malwarebytes Anti-Malware<\/span>\r\n        <a class=\"sc-card-program__button sc-card-program-internal\" href=\"https:\/\/malwarebytes-anti-malware.en.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\">Download<\/a>\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-rating\">\r\n        <svg class=\"rating-score__content\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" version=\"1.1\" x=\"0\" y=\"0\" viewbox=\"0 0 50 50\" enable-background=\"new 0 0 50 50\" xml:space=\"preserve\"><path class=\"rating-score__background rating-score--good\" fill=\"none\" stroke-width=\"6\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><path class=\"rating-score__value rating-score__value--0\" fill=\"none\" stroke-width=\"6\" stroke-dashoffset=\"0\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><text class=\"rating-score__number\" content=\"\" text-anchor=\"middle\" transform=\"matrix(1 0 0 1 25 31.0837)\" data-auto=\"app-user-score\"><\/text><\/svg>\r\n      <\/div>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <span class=\"sc-card-program__description\"><\/span>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <img decoding=\"async\" class=\"sc-card-program__bigpic\" src=\"\" onerror=\"this.style.display='none'\">\r\n    <\/div>\r\n    <a class=\"sc-card-program__link track-link sc-card-program-internal\" href=\"https:\/\/malwarebytes-anti-malware.en.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\"><\/a>\r\n  <\/div>\r\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Binary Defense took a closer look in March 2026 and analyzed the same malware under the name <a href=\"https:\/\/bluerabbit.en.softonic.com\/\" rel=\"noopener\">BLUERABBIT<\/a>. Its researchers say GigaWiper is modular and stitched together from at least three older malware families, with code tied to Crucio ransomware and FlockWiper, which leaves one infection able to do <strong>two jobs at once<\/strong>: watch what\u2019s happening on a system, then wreck it.<\/p>\n\n<p class=\"wp-block-paragraph\">Binary Defense says GigaWiper can overwrite an entire physical drive, run a multi-pass wipe on the Windows drive, or pretend to be ransomware by encrypting files with a key that\u2019s never saved. That kind of misdirection showed up in attacks like NotPetya, where victims could be led to believe <strong>recovery was still on the table<\/strong> when it wasn\u2019t.<\/p>\n\n<p class=\"wp-block-paragraph\">If you\u2019re responsible for protecting businesses, government bodies, or critical infrastructure, pay attention to this one. Binary Defense links GigaWiper to an Iran-linked actor also associated with BLUEWIPE and SEWERGOO, known for targeting organizations in Israel, and the all-in-one design gives attackers a way to <strong>hold back obvious warning signs<\/strong> until later in the intrusion.<\/p>\n\n<p class=\"wp-block-paragraph\">The malware goes after Windows systems and falls into the same geopolitically charged wiper pattern seen in <a href=\"https:\/\/en.softonic.com\/articles\/this-dangerous-windows-zero-day-vulnerability-may-have-been-used-in-the-war-in-ukraine\" rel=\"noopener\">the 2026 Stryker attack<\/a>, which reports say wiped <strong>more than 80,000 devices<\/strong> across 79 countries, and in the late-2025 DynoWiper attempt against Poland\u2019s energy sector.<\/p>","protected":false},"excerpt":{"rendered":"<p>Microsoft first spotted GigaWiper in October 2025. It\u2019s a Windows malware strain that blends remote-access Trojan behavior with disk-wiping attacks. Binary Defense took a closer look in March 2026 and analyzed the same malware under the name BLUERABBIT. Its researchers say GigaWiper is modular and stitched together from at least three older malware families, with &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/en\/gigawiper-malware-surfaces-on-windows-pcs-it-can-spy-and-wipe\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;GigaWiper malware surfaces on Windows PCs: it can spy and wipe&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9326,"featured_media":372049,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-372050","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/372050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9326"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=372050"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/372050\/revisions"}],"predecessor-version":[{"id":372051,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/372050\/revisions\/372051"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/372049"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=372050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=372050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=372050"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=372050"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=372050"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=372050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}