During the Covid-19 pandemic, the UK government launched a program to assist low-income students by distributing devices for accessing remote teaching. A praiseworthy initiative, were it not for one detail: notebooks donated by the Department for Education (DfE) were infected with malware.

The discovery was made by teachers from the Bradford Schools online teaching platform while the government-provided equipment, which runs the Windows operating system, was being prepared for distribution.


"While we were unpacking and preparing the material, we found that some laptops were infected with a worm capable of spreading over networks," said one of the teachers. The assistance program also included free internet access thanks to a partnership with telephone operators.

The DfE spoke with the BBC, explaining that the situation would be investigated urgently. “We are aware of an issue with a small number of devices. And we are investigating the case as a priority to resolve the impasse as soon as possible”, declared the agency. Information technology staff were mobilized to contact affected students.

By January 2021, more than 800 notebooks and tablets had been distributed to schools and other educational institutions. However, the DfE says it believes that the malicious software has not spread.

What the malware does

Infected notebooks contained modular malware called Gamarue or Andromeda, known to be used by Russian and Eastern European cybercriminals. It grants access to devices through TeamViewer and provides support for keyloggers, rootkits, SOCKS4/5 proxy servers and formgrabbers.

Gamarue's chain of attack. Credit: Microsoft / Disclosure

With this “package”, the malware was able, for example, to see typed information, redirect traffic on computers and steal data from browsers. Criminals were also able to modify device settings and obtain users' personal data and documents.

Via: Bleeping Computer