Microsoft published new research on GigaWiper, a modular Golang backdoor for Windows that combines robust remote access with multiple ways to permanently destroy systems and data.

GigaWiper is a Windows backdoor that Microsoft has observed in intrusions since October 2025. Rather than being a single-purpose wiper, it’s an operational platform that blends command‑and‑control (C2), data destruction, and remote access options in a single piece of malware.

What’s remarkable is that GigaWiper seems to be built using previously separate tools like the Crucio ransomware and the FlockWiper disk wiper, wrapped into a consolidated framework.

Based on the characteristics of the malware, which include espionage features (screen capture, VNC‑like remote control, system inventory) and multiple ways to irreversibly destroy data, it fits the pattern of an attacker that wants long‑term access but also reserves the option to wipe systems if they choose.

GigaWiper implements about 20 commands, falling broadly into three categories: destruction, remote access/monitoring, and system management. Some examples include: