A security analysis from Microsoft Threat Intelligence has revealed a new malware strain that combines hard drive destruction with real-time surveillance. Called GigaWiper, this backdoor assembles capabilities from multiple known malware families into a single package capable of wiping data, spying on users and streaming screen activity live.

What You Need to Know

This multi-functional malware represents an escalation in cyber threats where attackers no longer need separate tools for different objectives. A single GigaWiper infection can lead to both permanent data loss and continuous surveillance. Security teams must update detection rules to account for this blended threat approach.

How GigaWiper Operates

GigaWiper functions as a destructive backdoor that loads multiple malware modules onto an infected system. Each module handles a distinct task: one erases files and partitions, another captures keystrokes and a third streams the desktop live to a remote attacker. The malware avoids simple detection by hiding its components inside legitimate processes.

  • Drive wiper module: Overwrites hard drive data using random writes, making recovery nearly impossible.
  • Surveillance module: Captures screenshots and streams live video of the desktop to a command-and-control server.
  • Spyware module: Logs keystrokes, steals credentials and exfiltrates sensitive documents.

Microsoft Threat Intelligence identified the malware after observing unusual network traffic patterns. The module combination suggests the authors deliberately designed GigaWiper for both sabotage and espionage.

Targets and Impact

GigaWiper appears to target Windows systems, though researchers have not confirmed a specific victim profile. The malware's dual nature makes it especially dangerous for organizations that handle sensitive data. A successful attack could destroy critical files while attackers watch the user's every action, potentially capturing credentials before the system fails.

Enterprises storing customer records or intellectual property face the highest risk. The malware's ability to stream the screen live means attackers can observe manual data entry, internal communications and system configurations in real time. This information could then be used to launch follow-up attacks on connected networks.

Home users also face risk if they connect to corporate VPNs or store work files on personal devices. The destruction of personal data such as family photos and financial documents compounds the damage.

Why This Matters

GigaWiper signals a troubling shift in malware development. Attackers increasingly bundle multiple functions into a single payload instead of deploying separate tools for wiping and surveillance. This consolidation makes infections harder to detect and faster to execute.

For security vendors, the emergence of hybrid malware like GigaWiper forces a rethinking of defense strategies. Traditional antivirus tools that rely on signature detection may miss the combined behavior. Endpoint detection and response systems must monitor for simultaneous write and stream activity to catch such threats early.

Organizations that already experienced wiper attacks without surveillance, or surveillance without destruction, must now prepare for both at once. Regular backups and network segmentation provide some protection but cannot prevent the exposure of live screen footage. The rise of these blended threats underscores the need for zero-trust architectures and behavioral analytics that spot anomalies across multiple signals.