Russian malware found on government-issued laptops for home schooling

Malware found to be contacting servers in Russia thought to be Gamarue.I worm

Russian malware has been identified on some laptops provided by the government to schools in England as part of the efforts to support home-schooling of vulnerable children.

According to the BBC, the issue emerged after teachers of a school in Bradford shared the details of the malware in an online forum. They revealed that the laptops sent out by the government contained suspicious files that appeared to contacting Russian servers.

"Upon unboxing and preparing them, it was discovered that a number of the laptops were infected with a self-propagating network worm," wrote Marium Haque, deputy director of education and learning at Bradford Council.

Some people on the forum said that the malware appears to be Gamarue.1, a self-propagating network worm first identified by Microsoft in 2012. This malware can download and install spyware on the infected devices in order to harvest confidential information about users, including their banking details and browsing habits. However, it is not capable of gaining access to people's microphones or webcams, according to security experts.

In a statement, the UK Department of Education (DfE) said it was investigating the matter and trying to establish how many laptops are infected with the malware, where they were sourced from and whether any infected device has been delivered to students.

The DfE claimed that the issue was not widespread and in all known cases, the malware was eliminated at the point the infected devices were first turned on in the schools.

The statement added that DfE's IT teams were in touch with those who reported the matter, and that the Department would continue to monitor for any further reports of the malware.

The infected laptops are understood to have been sourced by the IT reseller XMA, according to The Telegraph.

Over the past nine months, more than 800,000 laptops have been issued to schools as part of the government's efforts to support disadvantaged pupils who may not have access to online education at home.

"There are many local and national schemes which have been implemented to try and provide devices for school children in an attempt to keep as many as possible engaged in some form of education during school closures and lockdown measures," Brian Higgins, security specialist at consumer tech website Comparitech stated.

"Whilst it is unclear where these particular laptops were sourced, it is absolutely vital that anyone seeking to source devices, whether they are bought using sponsorship or donated directly, be fully aware of the risk that they may contain dormant or active malicious software and research appropriate methods to make them safe before they are distributed to homes and families."

The news of malware on school laptops comes within weeks after senior public figures in the UK wrote a letter to Prime Minister Boris Johnson, urging him to help hundreds of thousands disadvantaged pupils by providing them with the devices and internet connections they lack for remote learning during the pandemic.

"Children on the wrong side of the digital divide have neither the data nor the devices to log in from home when their schools close. In a country with free state education, no child's education should be dependent on their internet connection," the letter said.

Co-ordinated by Labour MP Siobhain McDonagh, the letter also cited an Ofcom estimate that between 1.1 million and 1.8 million children in the UK (around nine per cent) currently lack access to a desktop, laptop, or tablet at their homes.

It welcomed the development of the online Oak Academy in response to pandemic, but said the facility remains inaccessible to pupils without sufficient access to technology.