New Variant of KillDisk Malware Target Financial Organization in Latin America

No featured articles available

Check back soon for the latest updates and featured content.

Researchers at Trend Micro spotted a new variant of disk wiping KillDisk malware targeting financial organization in Latin America.

Researchers at Trend Micro spotted a new variant of disk wiping KillDisk malware targeting financial organization in Latin America.Earlier in January, a variant of KillDisk malware was seen targeting financial organization in Latin America.In May, researchers discovered a master boot record (MBR)-wiping malware in Latin America. A bank was also infected with the malware resulting in disruptions of operation over a week.

“Last May, we uncovered a master boot record (MBR)-wiping malware in the same region. One of the infected organizations was a bank whose systems were rendered inoperable for several days, thereby disrupting operations for almost a week and limiting services to customers. “ said in the post published by Trend Micro

The attack was just a distraction the real goal was to get access to the systems connected to the bank’s local SWIFT network.

Based on the error message displayed in the affected researchers were able to determine the malware was another variant of KillDisk.

Source: Trend Micro

In the initial analysis discovered the file was created using Nullsoft Scriptable Install System (NSIS), an open-source application used to create setup programs.

The attackers named the file as “MBR Killer” and was protected with VMProtect which is a tool used to protect against reverse engineering.

Researchers did not find any evidence of command-and-control (C&C) infrastructure or communication in the sample file.

Working of KillDisk Malware

The malware will wipe all the physical hard disk found on the infected system. The KillDisk uses the application programming interface (API) CreateFileA to \.PHYSICALDRIVE0 to retrieve the handle of the hard disk.

The malware then overwrites the first sector of the disk (512 bytes) with “0x00” and force the system to shutdown via the API ExitWindows.

Source: Trend Micro

“The destructive capabilities of this malware, which can render the affected machine inoperable, underscore the significance of defense in depth: arraying security to cover each layer of the organization’s IT infrastructure, from gateways and endpoints to networks and servers.”

Google Ads Exploited in Cyberattack: Hackers Steal Login Details and 2FA Codes

Murdoc Botnet Exploits AVTECH Cameras and Huawei Routers

Authquake Attack Bypasses Microsoft MFA, Exposing Critical Security Vulnerabilities

Strategies for Mitigating Cyber Threats in 2025

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

Secure Boot Bypass Flaw Found in Palo Alto Firewalls

Volkswagen Faces Major Breach: Data of 800K EV Customers Leaked

Successful CISO – Is a Business Enabler the Need of the Hour?

Behind the Job Title: Information Security Consultant

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

No featured articles available

New Variant of KillDisk Malware Target Financial Organization in Latin America

Researchers at Trend Micro spotted a new variant of disk wiping KillDisk malware targeting financial organization in Latin America.

Share Your Story!

No featured articles available

Researchers at Trend Micro spotted a new variant of disk wiping KillDisk malware targeting financial organization in Latin America.

Stay Updated with the Latest Cybersecurity News