Microsoft has unveiled a destructive Windows backdoor named GigaWiper, which allows operators remote control over compromised systems to execute irreversible damage. GigaWiper originated from cyberattacks in October 2025 and is a composite of code from at least three malware families. It maintains its presence through a scheduled task disguised as “OneDrive Update,” executing at startup and every minute. GigaWiper can obliterate partition information, overwrite physical drives, and restart systems. It also mimics ransomware by encrypting files with the .candy extension, using randomly generated keys that are not stored, making recovery impossible. The malware has connections to the Crucio ransomware and resembles FlockWiper, with rewritten code in Go. GigaWiper features 20 command codes for various functions, including executing PowerShell instructions, managing processes, capturing screenshots, and remote access similar to VNC. It can remain on a system for surveillance until its destructive functions are activated. Microsoft Defender includes detection capabilities for GigaWiper, and users are advised to enable tamper protection and monitor for suspicious activities.