Microsoft has uncovered a new malicious software called GigaWiper that can not only spy on users but also permanently destroy data on their computers، according to infohub.kz.

According to Microsoft Threat Intelligence، the virus was first detected in October 2025، but the company only now revealed details of its operations.

Microsoft said GigaWiper is not a typical virus but a multi-functional malware. It can directly access the hard drive، delete partition information، and repeatedly overwrite data. After that، the computer restarts، making file recovery nearly impossible with standard methods.

Additionally، the virus can take screenshots، record screen activity، remotely control the computer، collect system information، modify the Windows registry، and delete event logs to cover its tracks.

GigaWiper can also encrypt files، giving them a .candy extension. However، unlike typical ransomware، the files cannot be recovered because encryption keys are generated randomly and not stored anywhere.

To persist in the system، the malware creates a task in Windows Task Scheduler named "OneDrive Update،" masquerading as a legitimate update. For communication with attacker servers، GigaWiper uses RabbitMQ and Redis services، making its network activity harder to detect in corporate networks.

According to Microsoft، the virus combines components of several previously known malware، including the Crucio ransomware and the FlockWiper wiper virus.

As of now، Microsoft reports that GigaWiper is mainly used in targeted attacks against organizations and large companies. There are no signs of mass distribution among home Windows users. Nevertheless، experts recommend regularly updating Windows and antivirus software، not opening suspicious attachments، and using data backups.

Microsoft also advises companies to use modern cyberattack detection tools، monitor for suspicious tasks in Windows Task Scheduler، and watch for unusual network connections.