CoViper is by just another threat actor that want a piece of pie of the COVID-19 outbreak. CoViper is a Master Boot Locker Ransomware or MBRLocker. It means it does not encrypt user files but change the Booting "sequence" and hence render a system useless. An advance computer user can recover it by installing a new MBR. This type of malware also referred to as MBR Wiper. After "Wiping" the MBR a ransom is usually demanded. Where as in this case no ransom is demanded yet. CoViper is distributed as an installer written in PureBasic, with all interesting files packed as resources. CoViper is composed of several binaries and scripts. These files are dropped into the computer’s temporary folder (%TEMP%, usually the absolute path is C:UsersAppDataLocalTemp), created using the GetTempFileNameA API function.
Once the infection is done then an message is display stating that your systems is infected with corona virus.