Skip to main content

Rombertik malware goes nuclear on your drive to avoid detection

The newest form of malicious software is both shy and incredibly dramatic. Members of Cisco’s prestigious Talos malware team have revealed in a blog that a new style of malware, dubbed Rombertik, will automatically destroy itself and your hard drive if it realizes someone is trying to detect it.


At face value, Rombertik isn’t much different from most malware distributions, acting as a keylogger for your Web browser that hunts down any information might look remotely like a username/password combination or credit card number. These types of infections are a dime a dozen these days, but what makes Rombertik newsworthy is the way in which it attempts to avoid detection if it’s picked up by an antivirus scan or found in a folder by the user themselves.

Recommended Videos

Malware with prebuilt instructions on how to avoid detection is nothing new, and any malicious program worth its salt will generally have at least one or two shields set up to keep itself away from the gaze of watchful eyes. This can be anything from hijacking the AV program itself to display false results, to deleting the infected file before a user has a chance to run it past diagnostics.


Rombertik takes these tactics to a whole different level. It will automatically format a person’s hard drive if any part of the infection senses a disturbance to its operations is about to happen. There are a number of other camouflage techniques it will use before the nuclear option, such as loading up sandbox analysis tools with 950 million lines of code at once or attempting to overwrite the master boot record (MBR) to make the computer inoperable, but if all of these fail to prevent someone from getting a look at the innards of Rombertik, it wipes the hard drive it’s been installed on and takes all your data down with it.

Realistically, the only way you might be able to coax Rombertik into self-destruct mode is if you’re a high-level researcher who knows how to get past all its other defenses first, but the fact that the threat is still there is enough to have us checking links in our email twice before making any risky clicks too quick.

Chris Stobing
Former Digital Trends Contributor
Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…
Is macOS more secure than Windows? This malware report has the answer
A person using a laptop with a set of code seen on the display.

It’s a long-held belief that Macs are less at risk of malware and viruses than Windows PCs, but how true is that? Well, a new report has shed some light on the situation -- and the results might surprise you.

According to threat research firm Elastic Security Labs, roughly 39% of all malware infections happen on Windows PCs. In good news for Apple fans, only 6% of breaches occurred on macOS, making Mac systems far less vulnerable than their Windows counterparts.

Read more
This Mac malware can steal your credit card data in seconds
Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Despite their reputation for security, Macs can still get viruses, and that’s just been proven by a malicious new Mac malware that can steal your credit card info and send it back to the attacker, ready to be exploited. It’s a reminder to be careful when opening apps from unknown sources.

The malware, dubbed MacStealer, was discovered by Uptycs, a threat research firm. It hoovers up a wide array of your personal data, including the iCloud Keychain password database, credit card data, cryptocurrency wallet credentials, browser cookies, documents, and more. That means there’s a lot that could be at risk if it gains a foothold on your Mac.

Read more
This critical macOS flaw may leave your Mac defenseless
A close-up of a MacBook illuminated under neon lights.

Apple’s macOS operating system has such a strong reputation for security that many people mistakenly believe Macs simply aren’t affected by malware. Well, Microsoft has served up a reminder that that’s not true, as the company has identified a serious vulnerability that affects one of macOS’s most important lines of defense.

According to Bleeping Computer, the bug was first reported by Jonathan Bar Or, Microsoft’s principal security researcher, who named the flaw Achilles. It is now tracked as CVE-2022-42821.

Read more