
Andromeda/Gamarue

Name of Malware: Andromeda (Gamarue)


Type of Malware: Downloader

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops

Impact: high

What is Andromeda/Gamarue?

Andromeda/Gamarue is a malware downloader.

A malware downloader fetches further malware from a server controlled by the attackers and then runs it on the infected system. In the case of Andromeda/Gamarue, the downloaded malware has included the banking trojans Citadel, Rovnix and URLZone/Bebloh. Andromeda/Gamarue can also be extended with additional functions through plug-ins; one of these plug-ins captures credentials for e-mail accounts and FTP programs and passes them to the operator of the malware.

How did I get infected with Andromeda/Gamarue?

One common route of infection is spam e-mail: the cyber criminals send Andromeda/Gamarue as an attachment disguised as an invoice, typically an executable file packed into a ZIP archive. Other potential sources of infection are websites prepared to exploit security vulnerabilities in your browser (drive-by downloads), and other malware that was already on your system and fetched Andromeda/Gamarue as a further payload.
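The invoice-in-a-ZIP lure described above can be checked for before anyone double-clicks the attachment. The following is an added example (not code from the original page, and not associated with the Andromeda/Gamarue operators or any vendor) that inspects a ZIP archive for members Windows would execute: it flags executable extensions, the "document.pdf.exe" double-extension trick, and members whose content starts with the PE "MZ" magic regardless of what the file name claims. The sample archive, its member names and the extension list are constructed for the example; the list is not exhaustive.

```python
import io
import zipfile
from typing import Dict, List

# Extensions that Windows runs directly when double-clicked (constructed list
# for this example; not exhaustive). Lower-case, with the leading dot.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".cpl",
    ".bat", ".cmd", ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
}

# Every Windows PE executable (EXE, DLL, SCR, ...) begins with these two bytes.
PE_MAGIC = b"MZ"


def inspect_zip_bytes(data: bytes) -> List[Dict[str, object]]:
    """Return one finding per archive member that looks like an executable.

    Each finding is {"member": <name inside the archive>, "reasons": [...]}.
    Members are never extracted to disk; only the first two bytes are read.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            base_name = info.filename.rsplit("/", 1)[-1].lower()
            parts = base_name.split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            reasons = []

            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension " + ext)
                # "invoice.pdf.exe": a document-looking name in front of the
                # real extension, which Explorer hides by default.
                if len(parts) > 2:
                    reasons.append("double extension hides executable type")

            with archive.open(info) as member:
                head = member.read(len(PE_MAGIC))
            if head == PE_MAGIC and ext not in EXECUTABLE_EXTENSIONS:
                # Renamed PE file: the content says "program", the name does not.
                reasons.append("PE (MZ) header under non-executable extension")
            elif head == PE_MAGIC:
                reasons.append("PE (MZ) header confirms executable content")

            if reasons:
                findings.append({"member": info.filename, "reasons": reasons})
    return findings


def build_sample_archive() -> bytes:
    """Construct an in-memory ZIP resembling the lure (sample data, not a real lure)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        # Classic double-extension executable posing as a PDF invoice.
        archive.writestr("Invoice_2014-03.pdf.exe", PE_MAGIC + b"\x90\x00" * 32)
        # PE content renamed to a document extension.
        archive.writestr("Order.doc", PE_MAGIC + b"\x00" * 64)
        # Genuine-looking PDF: should not be flagged.
        archive.writestr("Invoice.pdf", b"%PDF-1.4\n%...\n")
        # Plain text note: should not be flagged.
        archive.writestr("readme.txt", b"Please find the invoice attached.\n")
    return buf.getvalue()


def flagged_members(data: bytes) -> List[str]:
    """Convenience wrapper: just the names of suspicious members, sorted."""
    return sorted(f["member"] for f in inspect_zip_bytes(data))


if __name__ == "__main__":
    for finding in inspect_zip_bytes(build_sample_archive()):
        print(finding["member"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

Run against a real attachment with `inspect_zip_bytes(open("attachment.zip", "rb").read())`. The MZ check is what catches the renamed case that an extension filter misses; the reverse case (an `.exe` whose content is not a PE) is still flagged on the extension, because a script or shortcut is just as dangerous when double-clicked.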

What do I have to do now?

Do not use the computer for any further sensitive transactions (online banking, shopping, logging in to e-mail or other accounts) until it has been cleaned. Because Andromeda/Gamarue is a downloader, there is very likely other malware on your system besides it. Run a full scan with up-to-date anti-virus software; if the infection cannot be removed from within Windows, boot an antivirus live CD (a rescue system that runs outside the infected installation) and remove Andromeda/Gamarue from there. If you still have doubts that the infection has been completely removed, back up your personal data, then reset the device and reinstall the operating system. Once the system has been rebuilt, change all your passwords, preferably from a device you know to be clean, as the perpetrators may have captured them.