
Hacker Rigs New Zealand Shooter's Manifesto With Malware

The shooter's manifesto has been circulating on the web, even as authorities try to take it down. However, at least one copy of the document has been secretly rigged to reconfigure Windows PCs with a message.

By Michael Kan
March 29, 2019

A hacker is responding to the New Zealand mosque shooting by booby-trapping the attacker's manifesto with malware.

The note has been circulating on the web, even though New Zealand authorities have been pushing internet platforms to take it down. However, at least one copy of the document has been secretly rigged to reconfigure Windows PCs.

Security firm Blue Hexagon uncovered the weaponized document while scanning the internet for malicious files. "Caution is advised for anyone attempting to seek and download the content for review," researcher Irfan Asrar wrote in a blog post.

"In what can be described as a vigilante attempt to thwart the viral distribution, several links are now also distributing a trojanized version of the manifesto," he added.

The file itself has been packaged as a harmless Microsoft Word document. However, it's actually been weaponized by the inclusion of a programming script that'll attempt to download a portable executable file to the victim's PC.

Fortunately, the hacker behind the scheme did not rig the file with anything destructive. The portable executable file's goal is to reconfigure the system's Master Boot Record to display a message on reboot that says "This is not us!" on a black screen.

The hacker's intention was probably to protest the original manifesto. The booby-trapped document resembles the source material. However, the document's metadata has been tweaked to list a new author under the name "Maori," a reference to the indigenous people of New Zealand.

"Our initial suspicion was that this was targeting the press, but with all the data that we have now, it looks like it was not one specific group, just anyone who was trying to get a copy of the manifesto," Asrar told PCMag.

The platforms that were hosting the booby-trapped file have removed the links to it in a bid to take down all content related to the original manifesto, he added. So the impact was likely small.

So far, Blue Hexagon has only discovered one booby-trapped document, which some antivirus software will detect as a Trojan. But the security firm is investigating other reports of manifesto files and related videos that may have been rigged as well. Asrar warns that the same tactic could be used to spring destructive malware on people's computers.

