File‑less CanisterWorm wiper hits Iranian organizations

A new wiper dubbed “CanisterWorm” has been observed in the wild targeting entities in Iran. The payload executes without dropping traditional binaries, leveraging native Windows utilities and PowerShell to infiltrate systems. Once active, it methodically corrupts critical system files, registry entries, and boot components, rendering machines inoperable and wiping data beyond recovery.

The campaign caused immediate operational shutdowns for several Iranian firms, with victims reporting complete loss of mission‑critical data and prolonged downtime while rebuilding environments. Defenders must treat CanisterWorm as a serious threat: its file‑less nature evades many conventional AV signatures, and its destructive behavior leaves no foothold for remediation. Organizations should prioritize behavior‑based detection, strict PowerShell logging, and robust backup isolation to mitigate similar wiper attacks.

Categories: Malware & Ransomware, Threat Intelligence
