Skip to main content

Rombertik malware goes nuclear on your drive to avoid detection

rombertik malware goes nuclear on your drive to avoid detection bccvqg7
Image Credit: Cisco Talos
The newest form of malicious software is both shy and incredibly dramatic. Members of Cisco’s prestigious Talos malware team have revealed in a blog that a new style of malware, dubbed Rombertik, will automatically destroy itself and your hard drive if it realizes someone is trying to detect it.


At face value, Rombertik isn’t much different from most malware distributions, acting as a keylogger for your Web browser that hunts down any information might look remotely like a username/password combination or credit card number. These types of infections are a dime a dozen these days, but what makes Rombertik newsworthy is the way in which it attempts to avoid detection if it’s picked up by an antivirus scan or found in a folder by the user themselves.

Malware with prebuilt instructions on how to avoid detection is nothing new, and any malicious program worth its salt will generally have at least one or two shields set up to keep itself away from the gaze of watchful eyes. This can be anything from hijacking the AV program itself to display false results, to deleting the infected file before a user has a chance to run it past diagnostics.


Rombertik takes these tactics to a whole different level. It will automatically format a person’s hard drive if any part of the infection senses a disturbance to its operations is about to happen. There are a number of other camouflage techniques it will use before the nuclear option, such as loading up sandbox analysis tools with 950 million lines of code at once or attempting to overwrite the master boot record (MBR) to make the computer inoperable, but if all of these fail to prevent someone from getting a look at the innards of Rombertik, it wipes the hard drive it’s been installed on and takes all your data down with it.

Realistically, the only way you might be able to coax Rombertik into self-destruct mode is if you’re a high-level researcher who knows how to get past all its other defenses first, but the fact that the threat is still there is enough to have us checking links in our email twice before making any risky clicks too quick.

Editors' Recommendations

Chris Stobing
Former Digital Trends Contributor
Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…
This new malware is targeting Facebook accounts – make sure yours is safe
Facebook logo appears with a hooded figure over a cracked blue background.

In the ongoing barrage of cyberattacks, Facebook users are being targeted by a new version of the Ducktail malware that originally surfaced in July. The first implementation was specifically aimed at Facebook Business accounts, but it has recently become a more widespread danger.

The latest version of Ducktail collects any and all Facebook data available on an infected computer. If it happens to be a business account, payment methods could be discovered, putting your money at risk. Furthermore, Facebook Business data might include billing information and cycles, which could be used to help disguise unauthorized purchases.

Read more
Nvidia’s Drive Concierge will fill your car with screens
An interior view of Nvidia's Drive Concierge in-car infotainment system, showing various in-car displays in use.

At Nvidia’s GTC show today, the company announced two new systems in its in-car computing efforts, including a new product that could outfit your vehicle with an array of AI-powered screens and dashboards.

The first announcement is a new in-car infotainment system that includes graphics and visuals for drivers alongside game and movie streaming for passengers. Dubbed Drive Concierge, Nvidia says it will make driving “more enjoyable, convenient and safe.”

Read more
Hackers can now sneak malware into the GIFs you share
A video call in progress on Microsoft Teams.

How low will malware go to get onto your device? We thought using Minecraft to gain access to your computer was the most nefarious method hackers have produced, but there's a new, even lower type of attack that uses Microsoft Teams and GIFs to mount phishing attacks on your computer.

The new attack is called GIFShell and it installs malware on your computer to steal data. It does so by sneaking itself into innocent-looking GIFs and then waiting for you to share the GIF with your colleagues via Microsoft Teams.

Read more