APT / THREAT GROUP

CoViper

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

PCRisk notes that CoViper is yet another Coronavirus/COVID-19-themed malware infection, most likely proliferated as a file related to the pandemic. It operates by rewriting the system Master Boot Record (MBR). It does not delete the original, but rather creates a backup and replaces it with a custom MBR.

Typically, malicious software that modifies MBRs do so to prevent the Operating System (OS) from being booted (i.e., started). It also displays a screen-encompassing message, often containing a ransom message - this disables user access to the device.

Threat Analysis

CoViper is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

win.coviperCoViper

External Intelligence

Malpedia: win.coviper

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
CoViper — APT / Threat Group | Threat Intelligence | CTIWATCH.COM