The British Ministry Education distributed several thousand Windows notebooks to schoolchildren, some of which contained malware. The malware communicated with Russian servers to download more malware.
In the UK, there is a student program that lends (borrows) laptops and tablet PCs to participate in home education. But the UK Department of Education provided laptops containing malware to students.
Windows 10 laptops provided to schools by the government program Get Help With Technology (GHWT) were pre-installed with the Gamarue malware. This is a remote worm accesss since the 2010s who have been keeping a low profile, according to The Register.
The German BSI he says but that it is a malware download program that can reload the malware and run it on the infected system.
In the case of Andromeda / Gamarue, this could be, for example, banking Trojans Citadel, Rovnix or UrlZone / Bebloh.
Additionally, Andromeda/Gamarue can gain additional features with the help of plugins. Among other things, there is a plugin that blocks data access from both email accounts and FTP programs and forwards them to the malware's administrators. As The Register reports, a batch of 23.000 is affected computers.
These devices have been shipped in the last three to four weeks, although it is not clear how many of them are infected. But the BBC he says that few devices have been infected.
Specifically, the affected devices are the GeoBook 1E, manufactured by the Shenzhen-based Tactus team. It is currently considered that the malware was pre-installed on the devices by the manufacturer.