Gamarue Trojan malware has been detected on a number of refurbished laptops given by the government to disadvantaged children in England. The affected devices carry malware that appears to be communicating with a C2 network in Russia.
The compromised laptops were given out to support home-schooling during the ongoing nationwide lockdown. A BBC report reveals that the Trojan was found by teachers at a school in Bradford on a limited number of computers.
An investigation of the case has started and it is yet to be revealed how many computers were hacked and how many schools have been distributing the infected devices to their students.
Gamarue is a strain of Trojan-based malware that has been known to the cyber community since 2011. The malware circulated quite actively around the web prior to the takedown of the botnet behind it in 2017.
Some in cyber circles also refer to Gamarue as Andromeda. The Trojan compromises its victims mostly through harmful spam emails. Its purpose is to install malicious software, download additional malware, and copy itself to portable media, such as a USB drive. When installed on a computer, the threat gathers details about surfing patterns and sends this information to a server.
The Department for Education (DfE) has been informed about the case and its IT team is in contact with the schools involved. According to a DfE spokesperson, the malware has compromised only a small number of laptops in a limited number of schools. The malware was found and successfully removed in all known cases.
The Department says that its team is working hard to ensure online safety and security and will keep monitoring any future reports regarding malware on school devices. All schools that have concerns regarding the safety of their devices or detect malware should notify the Department for Education.
This incident does not suggest that Gamarue is now a major concern again; rather, it suggests a failure by the government to carefully prepare the refurbished laptops for redistribution.
It should be noted that children lack the technological skills to realize that their equipment is corrupted. Therefore, parents who receive laptops from a school for their children should be alert to any unusual activity, such as pop-ups or odd apps appearing, and should notify the administration about it.
In its statement, the Department for Education notes that privacy and cybersecurity must be top goals for the government and for schools, and that there should be more control over any devices that are distributed.
Security consultants classify Gamarue as a serious threat to the safety of any PC or network. Users can reboot the infected laptop in Safe Mode and run a complete scan with trusted anti-malware software. However, it is best to seek professional assistance to ensure that Gamarue has been successfully removed. Schools should also check their networks as an additional precaution.
If you are looking for a way to remove Gamarue yourself, here is a detailed removal guide with all the necessary steps.