New Delhi: A new malware named CaddyWiper has been discovered in Ukraine by security researchers from ESET, a Slovakia-based cybersecurity firm amid the Russian invasion and this is the third wiper malware that has been spotted. According to the researchers who discovered the destructive wiper malware the CaddyWiper affects by erasing user data and partition information from any drives attached to a machine that has been compromised.
"#BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine πΊπ¦. We first observed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7," security researchers at ESET tweeted.
According to the security researchers, unlike the HermeticWiper and IsaacWiper malware that were discovered in Ukraine earlier, CaddyWiper does not share any significant code similarity with or any other malware known to them. "CaddyWiper does not share any significant code similarity with #HermeticWiper, #IsaacWiper or any other malware known to us. The sample we analyzed was not digitally signed. The sample we analyzed was not digitally signed," ESET research added in another tweet.
According to a thread, the new malware CaddyWiper works by corrupting files on a machine and overwriting them with null byte characters, thus, resulting in losing the user data forever. A wiper malware essentially works by permanently deleting data from an affected machine.
Amid Russia’s invasion of Ukraine, ESET researchers had picked up HermeticWiper on the networks of a number of high-profile Ukrainian organisations. The campaigns also leveraged HermeticWizard, a custom worm used for propagating HermeticWiper inside local networks, and HermeticRansom, which acted as decoy ransomware.