GrooveMonitor: Another Wiper Copycat?
Yesterday the Iranian CERT made an announcement about a new piece of wiper-like malware. We detect these files as Trojan.Win32.Maya.a.
This is an extremely simplistic attack. In essence, the attacker wrote some BAT files and then used a BAT2EXE tool to turn them into Windows PE files. The author seems to have used (a variant of) this particular BAT2EXE tool.
There’s no connection to any of the previous wiper-like attacks we’ve seen. We also don’t have any reports of this malware from the wild.