The Gamarue malware, also known as Andromeda or Wauchos, has been linked to Russian servers.
A few years ago, police in Taiwan distributed malware-infected USBs as cybersecurity quiz prizes. Now, UK schools have found that most government-allotted laptops meant to facilitate homeschooling are infected with malware linked to Russian servers. This raises concerns that hackers are trying to steal data from students.
Reportedly, Bradford school employees received several laptops to aid in homeschooling vulnerable students. However, the laptops came pre-installed with the virus. Many school employees shared virus details on an online forum.
The deputy director of education and learning at Bradford Council, Marium Haque, stated that:
“Upon unboxing and preparing them, it was discovered that a number of the laptops were infected with a self-propagating network worm.”
Laptops Contained Gamarue Virus
Reportedly, the infected laptops contained Gamarue.1, a Gamarue virus variant that Microsoft identified back in 2012. The virus gives the attacker maximum control over the device, as they can access files and even the PC's web browser.
Furthermore, it is a self-propagating network worm that downloads and installs spyware to steal confidential data about users, including financial data and browsing habits. However, it cannot access webcams and mics.
It is worth noting that the malware is also known as Andromeda/Wauchos, and that in 2017 authorities dismantled the botnet, which had infected millions of devices at that time.
Department of Education Confirmation
The UK Department of Education confirmed the news and stated that only a small number of the laptops, not all of them, were infected. A DoE spokesperson said that the malware was removed immediately after the devices were turned on. The department claims that 10% of the laptops received had the virus.
Hackers Trying to Sabotage Online Education
The infected laptops are clear proof that hackers are now trying to either monetize or benefit from the pandemic-led need for homeschooling and online education. Schools now need to make additional efforts to ensure that the government-supplied laptops are 100% safe before the devices are sent out to the students.
Virus Links with Russian Servers
According to the Bradford Council, the network worm found in the government-sponsored laptops tries to contact Russian servers as soon as it becomes active. Schools need to move quickly to address the problem and check their networks for any possibility of compromise.