
Kaspersky Lab uncovered a new wiper malware


Security researchers from Kaspersky Lab have announced they found a very potent malware, one which is capable of completely wiping the contents of a disk. Announcing the finding this Monday, Kaspersky Lab says the malware, which they dubbed StoneDrill, was found on just two machines so far – one in the Middle East, and one in Europe.

The researchers say StoneDrill is similar to, yet 'very different and more sophisticated' than, another wiper malware, Shamoon 2.0. They actually stumbled upon StoneDrill while investigating Shamoon 2.0.

At this time, researchers still don't know how the malware is propagated, but they do know how it works:

“Once on the attacked machine it injects itself into the memory process of the user’s preferred browser. During this process it uses two sophisticated anti-emulation techniques aimed at fooling security solutions installed on the victim machine. The malware then starts destroying the computer’s disc files.”
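The quoted description names two behaviours a defender can look for on an endpoint: a foreign process writing into the memory of the user's browser, and a process that then overwrites files in bulk. The following is an added illustration, not code from the article or from Kaspersky's report: a toy detector that runs both checks over a handful of constructed, EDR-style telemetry records. The event field names, process names and thresholds are assumptions chosen for the example; a production rule would be tuned to the telemetry source actually in use.

```python
"""Added example (not part of the article or of Kaspersky's report).

Two simple behavioural checks over constructed endpoint telemetry:
  1. a non-browser process obtaining write access to a browser process
     (the injection behaviour described for StoneDrill), and
  2. one process overwriting many distinct files in a short window
     (the disk-wiping behaviour).
Field names, process names and the sample events are assumptions made for
illustration; they do not come from the page.
"""
from collections import defaultdict

# Assumed set of "preferred browser" process names to watch.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}

# Constructed telemetry. Each record mimics a minimal EDR event:
#   process_access: src opened target with the given access right
#   file_write:     proc wrote to path
SAMPLE_EVENTS = [
    {"ts": 100.0, "type": "process_access", "src": "updater.exe",
     "target": "chrome.exe", "access": "write"},          # suspicious
    {"ts": 100.5, "type": "process_access", "src": "chrome.exe",
     "target": "chrome.exe", "access": "write"},          # browser's own child: ignore
    {"ts": 100.7, "type": "process_access", "src": "svchost.exe",
     "target": "chrome.exe", "access": "read"},           # read only: ignore
    {"ts": 101.0, "type": "file_write", "proc": "chrome.exe",
     "path": "C:\\Users\\a\\Documents\\q1.docx"},
    {"ts": 101.2, "type": "file_write", "proc": "chrome.exe",
     "path": "C:\\Users\\a\\Documents\\q2.docx"},
    {"ts": 101.4, "type": "file_write", "proc": "chrome.exe",
     "path": "C:\\Users\\a\\Pictures\\p1.jpg"},
    {"ts": 101.6, "type": "file_write", "proc": "chrome.exe",
     "path": "C:\\Users\\a\\Pictures\\p2.jpg"},
    {"ts": 150.0, "type": "file_write", "proc": "winword.exe",
     "path": "C:\\Users\\a\\Documents\\notes.docx"},       # normal editing
    {"ts": 170.0, "type": "file_write", "proc": "winword.exe",
     "path": "C:\\Users\\a\\Documents\\notes.docx"},
]


def injection_alerts(events):
    """Return process_access events where a non-browser process gets
    write access to a browser process."""
    return [
        e for e in events
        if e["type"] == "process_access"
        and e["access"] == "write"
        and e["target"].lower() in BROWSERS
        and e["src"].lower() not in BROWSERS
    ]


def overwrite_burst_alerts(events, window=5.0, threshold=3):
    """Return (process, window_start, distinct_files) for every process that
    writes to at least `threshold` distinct files within `window` seconds.
    The toy threshold is far lower than a real deployment would use."""
    by_proc = defaultdict(list)
    for e in events:
        if e["type"] == "file_write":
            by_proc[e["proc"]].append((e["ts"], e["path"]))

    alerts = []
    for proc, writes in by_proc.items():
        writes.sort()
        for start_ts, _ in writes:
            # Distinct paths touched in the sliding window [start, start + window).
            paths = {p for t, p in writes if start_ts <= t < start_ts + window}
            if len(paths) >= threshold:
                alerts.append((proc, start_ts, len(paths)))
                break  # one alert per process is enough for the example
    return alerts


if __name__ == "__main__":
    for e in injection_alerts(SAMPLE_EVENTS):
        print(f"[inject] {e['src']} -> {e['target']} at t={e['ts']}")
    for proc, ts, n in overwrite_burst_alerts(SAMPLE_EVENTS):
        print(f"[wipe?]  {proc} wrote {n} files from t={ts}")
```

The second check fires on the browser process itself because, per the description, the destructive code runs inside the injected browser. Correlating the two alerts (injection into a browser followed by that browser writing files it never normally touches) is what separates this pattern from an ordinary download burst.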

This is obviously more serious than your average virus. There is also a StoneDrill backdoor, apparently created by the same authors for the purpose of espionage.

“Experts discovered four command and control panels which were used by attackers to run espionage operations with help of the StoneDrill backdoor against an unknown number of targets,” the report states.

“We were very intrigued by the similarities and comparisons between these three malicious operations. Was StoneDrill another wiper deployed by the Shamoon actor? Or are StoneDrill and Shamoon two different and unconnected groups that just happened to target Saudi organisations at the same time? Or, two groups which are separate but aligned in their objectives? The latter theory is the most likely one: when it comes to artefacts we can say that while Shamoon embeds Arabic-Yemen resource language sections, StoneDrill embeds mostly Persian resource language sections. Geopolitical analysts would probably be quick to point out that both Iran and Yemen are players in the Iran-Saudi Arabia proxy conflict, and Saudi Arabia is the country where most victims of these operations were found. But of course, we do not exclude the possibility of these artefacts being false flags,” said Mohamad Amin Hasbini, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab.


Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.