National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team provides for increased electronic security by strengthening the protection of the cyberspace of the National Critical Information Infrastructures, the banks and the communication providers of the Republic of Cyprus.

New Coronavirus screenlocker malware is extremely annoying

22 April 2020

A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds.

Screenlockers are malware programs that display a lock screen when you log into Windows so that you cannot access the Windows desktop or interact with your installed programs and files.

This new screenlocker is called ‘CoronaLocker’ and was discovered by security researcher Max Kersten last week after a friend became infected by a program named ‘wifihacker.exe’.

When installed, the malware will extract numerous VBS files and a batch file that, when used together, provide the annoying screenlocker functionality.

One of the VBS files, called ‘speakwh.vbs’, uses speech synthesis to say “corona virus” over and over to be annoying.

Once installed, the computer will reboot, and upon restart, users will be shown a lock screen stating “you are infected of corona virus” together with a contact email address.

When a user logs into Windows, they will be shown a lock screen with an email address. The good news is that you can type vb and press the OK button to get past this screen and launch your Windows desktop.

To see which Registry entries have been modified, refer to Kersten’s blog post.

It is not known how this malware is being distributed, but I would not be surprised to find out it was through YouTube videos or on Discord.

The information contained in this website is for general information purposes only. The information is gathered from Bleeping Computer. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
