The British Ministry of Education distributed several thousand Windows notebooks to students, some of which contained malware. The malware was communicating with Russian servers to download more malware.
In the UK, there is a student program that lends (borrows) laptops and tablet PCs to participate in home education. But the UK Department of Education provided laptops containing malware to students.
Windows 10 laptops provided to schools by the government program Get Help With Technology (GHWT) contained the pre-installed Gamarue malware. It is a low-profile remote access worm from the 2010s, according to The Register.
The German BSI he says but that it is a malware download program that can reload the malware and run it on the infected system.
In the case of Andromeda / Gamarue, this could be, for example, the banking Trojans Citadel, Rovnix or UrlZone / Bebloh.
In addition, Andromeda / Gamarue can get additional features with the help of add-ons. Among other things, there is an add-on that blocks data access from both email accounts and FTP programs and forwards them to malware administrators. According to The Register, a lot of 23.000 computers are affected.
These devices have been shipped in the last three to four weeks, although it is not clear how many of them are infected. But the BBC he says that few devices have been infected.
Specifically, the affected devices are the GeoBook 1E, manufactured by the Shenzhen-based Tactus team. It is currently considered that the malware was pre-installed on the devices by the manufacturer.