Check Point Research recently discovered Azov, a previously unseen malware that the company says can destroy data on a device in an unrecoverable way. How? Azov works by overwriting your information with random data.

“Malware typically is trying to cause you harm in one form or another,” Andrew Barratt, vice president of cybersecurity company Coalfire, told Lifewire in an email interview. “It’s a bit like living with a criminal that you can’t see. It’s going to sit [at] your computer stealing anything that can give it access to your money, and if it can’t do that—it’s going to make your computer of limited use to you.”
A Nasty Virus
Azov is a particularly unpleasant computer infection. Check Point Research said on its blog that one thing that sets Azov apart from recent ransomware is its ability to execute its own code.

“This technique allows Azov to avoid detection by static definitions, as its payload can come in so many different forms,” Jesh Sax, a technical account manager at cybersecurity company Tanium, told Lifewire via email. “Once on the system, Azov will corrupt the user’s files and inject its code into other executables, [persisting throughout] the system unless it is completely wiped. This is a destructive piece of malware that circumvents many basic detection methods.”

Azov is spreading quickly. Every day, hundreds of new Azov-related samples are submitted to VirusTotal, and as of November 2022, the total had already exceeded 17,000.

Worryingly, Azov will also infect, or “backdoor,” 64-bit Windows executable files—essential files used to launch and run applications—in a way that doesn’t follow a pattern, Rizwan Virani, CEO of Alliant Cybersecurity, said in an email interview with Lifewire. Instead, Azov infects executable files in a polymorphic way, encoding a completely different code each time it corrupts one, making it harder for security researchers to detect and analyze it.

“Azov malware is a wiper malware that overwrites a file’s content and corrupts data,” Virani added. “The complex and random methods by which Azov corrupts files make it more dangerous than some other malware we’ve seen before.”
Keeping Your Data Safe
Experts say there are ways to guard against malware like Azov. Virani said it’s important to keep your computer and software up to date, including installing the latest antivirus software. He and Sax both added that people should always be careful before clicking on any links, downloading anything from the internet, or opening email attachments or images.

“Downloads are one of the easiest ways malware can spread, so proceed with caution if a link is suspicious or unfamiliar,” said Virani. “This extends to file-sharing sites, where there are few protections against malware, and it can lurk in a seemingly innocuous download for a popular movie, for example.”

If you’re extra concerned about malware, Virani suggests using a non-administrator account that can’t make system-wide changes for daily web browsing when possible.

“Most computers can create multiple accounts, so it’s better to do daily web browsing on an alternative account rather than risk infecting an admin account with malware,” he added.

Ironically, the holiday season is one time of the year when you need to be particularly careful about computer infections, Sergio Tenreiro de Magalhaes, the chair of cybersecurity programs for Champlain College, told Lifewire in an email interview. Many people send digital cards to their friends as email attachments or links in emails or text messages.

“Cybercriminals know this and create holiday cards that carry malware,” he added. “Even if the sender is a trusted person, that person might not be aware that they are spreading malware with their holiday cards. Therefore, users should never open these attachments or click on those links, and they should not forward these emails or messages to their colleagues and friends.”