Gamarue malware is also called Andromeda and Wauchos for having associations with Russian servers.

Fremont, CA: A couple of years ago, Police in Taiwan circulated malware-infected USBs as cybersecurity quiz awards. Now, UK schools found out that a majority of the government-allotted laptops for promoting homeschooling are infected with malware associated with Russian servers. This elevates concerns that hackers are attempting to steal data from students.

Bradford school representatives accepted several laptops to assist homeschooling vulnerable students. However, the laptops came pre-installed with the virus. Several school employees shared virus details on an online forum. Marium Haque, the Deputy Director of Education and Learning at Bradford Council stated that upon unboxing and setting up the laptops for the student, the council found that majority were infected with self-propagating network worms.

The infected laptops had Gamarue.1, a Gamarue virus alternative, which Microsoft identified back in 2012. The virus provides the attacker maximum control of the device, and they can obtain files from the laptop and web browser. Moreover, it is a self-propagating network worm downloads and installs spyware to steal private data about users, including financial information and browsing habits.  The UK Department of Education affirmed the news and declared that only a small number of laptops were infected. A DoE representative stated that the malware was eliminated instantly after the devices were turned on. The department claims that only 10% of the total laptops had the virus.

The infected laptops are definite evidence that hackers are now attempting to either monetize or profit from the pandemic-led necessity for online education and homeschooling. Now schools need to induce supplementary exercises to ensure that the government supplied laptops are 100% safe before the devices are distributed to the students. As per the Bradford Council, the network worm found in the government-sponsored laptops tried to communicate to Russian servers as soon as they become active.