Laptops given to British schoolkids came preloaded with malware and talked to Russia when booted

Laptops given to British schoolkids came preloaded with malware and talked to Russia when booted

A shipment of laptops supplied to British schoolkids by the Department for Education to help them learn under lockdown came preloaded with malware, The Register can reveal.


The affected laptops, supplied to schools under the government's Get Help With Technology (GHWT) scheme, which started last year, came bundled with the Gamarue malware – an old remote access worm from the 2010s.

The Register understands that a batch of 23,000 computers, the GeoBook 1E running Windows 10, made by Shenzhen-headquartered Tactus Group, contained the units that were loaded with malware.


These devices have shipped over the past three to four weeks, though it is unclear how many of them are infected. It is believed the devices were imaged at factory level.

One source at a school told The Register that the machines in question seemed to have been manufactured in late 2019 and appeared to have been loaded with their DfE-specified image last year.


We have been shown emails sent to and from the Department for Education (DfE), which runs the GHWT scheme, flagging up concerns about the laptops. It appears that at least one school is formatting and reimaging the laptops from a known clean build before issuing them to pupils.


We've also seen online forums where Bradford school employees discuss the council contacting them on Wednesday to warn them of the problem, saying in an email: "Upon unboxing and preparing them it was discovered that a number of the laptops are infected with a self-propagating network worm ... that looks like it contacts Russian servers when active."


People familiar with the GHWT rollout told The Register that not all in the batch phoned home, however.


laptops given british schoolkids preloaded malware talked russia booted