THE GigaWiper malware, identified by Microsoft Threat Intelligence in October 2025, is a sophisticated backdoor built from multiple malware families, notably utilizing the Go programming language. It incorporates various destructive payloads, including disk wiping, file encryption, and system-level sabotage. GigaWiper operates through a modular backdoor structure that allows attackers to select their method of destruction. Notably, it can wipe drives at a physical level, encrypt files with non-recoverable keys, and execute commands that disrupt system functionality.
GigaWiper's backdoor features include robust command and control capabilities, enabling persistent control over infected systems, along with functionalities that support espionage and destruction. Command categories range from execution of destructive instructions to system manipulation commands, including screen recording and file management processes which enhance attackers' operational flexibility.
The malware's architecture showcases consolidation from at least three malware types, streamlining operational efficiency for cybercriminals. To counter GigaWiper and similar threats, organizations are recommended to adopt security measures like tamper protection for antivirus programs, cloud-based protection, and proactive endpoint detection and response strategies.