Skip to main content
  1. Home
  2. Computing
  3. News

Rombertik malware goes nuclear on your drive to avoid detection

Chris Stobing
By

rombertik malware goes nuclear on your drive to avoid detection bccvqg7
Image Credit: Cisco Talos
The newest form of malicious software is both shy and incredibly dramatic. Members of Cisco’s prestigious Talos malware team have revealed in a blog that a new style of malware, dubbed Rombertik, will automatically destroy itself and your hard drive if it realizes someone is trying to detect it.


At face value, Rombertik isn’t much different from most malware distributions, acting as a keylogger for your Web browser that hunts down any information might look remotely like a username/password combination or credit card number. These types of infections are a dime a dozen these days, but what makes Rombertik newsworthy is the way in which it attempts to avoid detection if it’s picked up by an antivirus scan or found in a folder by the user themselves.

Malware with prebuilt instructions on how to avoid detection is nothing new, and any malicious program worth its salt will generally have at least one or two shields set up to keep itself away from the gaze of watchful eyes. This can be anything from hijacking the AV program itself to display false results, to deleting the infected file before a user has a chance to run it past diagnostics.


Rombertik takes these tactics to a whole different level. It will automatically format a person’s hard drive if any part of the infection senses a disturbance to its operations is about to happen. There are a number of other camouflage techniques it will use before the nuclear option, such as loading up sandbox analysis tools with 950 million lines of code at once or attempting to overwrite the master boot record (MBR) to make the computer inoperable, but if all of these fail to prevent someone from getting a look at the innards of Rombertik, it wipes the hard drive it’s been installed on and takes all your data down with it.

Realistically, the only way you might be able to coax Rombertik into self-destruct mode is if you’re a high-level researcher who knows how to get past all its other defenses first, but the fact that the threat is still there is enough to have us checking links in our email twice before making any risky clicks too quick.

Editors' Recommendations

Microsoft’s emoji library goes open source

The design process of emoji.

The most common Microsoft Teams problems, and how to fix them

A close-up of someone using Microsoft Teams on a laptop for a videoconference.

Selling something online? Watch out for this clever new scam

An individual holding a phone and card.

WhatsApp adds new privacy features that everyone should start using

The WhatsApp app icon on a phone with other messaging apps.

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Elon Musk talks to the press as he arrives to to have a look at the construction site of the new Tesla Gigafactory near Berlin.

The best Samsung Galaxy Z Fold 4 screen protectors

Samsung Galaxy Z Fold 4.

Splatoon 3 will recieve at least 2 years of support, expansion teased

splatoon 3 support update crossbow

Xenoblade Chronicles 3: How to clean clothes and why you should

Reveal of a titan in Xenoblade Chronicles 3.

Samsung Galaxy Z Fold 4 vs. Galaxy Z Fold 3: Is it time for you to upgrade?

Samsung Galaxy Z Fold 4.

Sony has shipped over 117M PlayStation 4 systems, per final tally

playstation 4 final shipment numbers ps4

The best Google Chrome themes

google wants to kill urls make the internet safer chrome url

This smart desk’s built-in OLED screen looks like science fiction

The Lumina desk, with a monitor and MacBook on the table.

Marvel’s Spider-Man Remastered on PC makes me excited for Sony games again

marvels spider man pc steam deck impressions msmr hero