Xswkit
Name of Malware: Xswkit
Type of Malware: Downloader
Affected Operating Systems: Windows
Affected Device Types: PCs, laptops
Impact: medium
What is Xswkit?
Xswkit is a malware downloader.
Malware downloaders download other malware and then run it on the infected system. In the case of Xswkit, the malware downloaded may include the banking trojans Citadel, Rovnix and URLZone/Bebloh. Xswkit can also be expanded with additional functions using plug-ins. One of these plug-ins is designed to capture access data for e-mail accounts and FTP programs and pass this information to the operator of the malware.
How did I get infected with Xswkit?
One potential route of infection is via spam e-mail. The cyber criminals send Xswkit by e-mail, disguised as an invoice. Often, these invoices are packaged as executable files in ZIP archives. Other potential sources of infection include websites that are primed to exploit security vulnerabilities in your browser; the malware could also have been downloaded by another piece of malware that was already on your system at that time.
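For mail administrators, the delivery method described above (an executable packaged in a ZIP archive and named like an invoice) can be checked for before an attachment reaches the user. The following is an added example, not part of the original advisory: it flags ZIP members with Windows executable content or an executable extension hidden behind a document-style name. The extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io, struct, zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double click (assumed, not exhaustive).
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".wsf"}
# Document-looking extensions used to disguise a file name (assumed list).
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def scan_zip(blob: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) findings for one ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # password-protected: content cannot be checked
                findings.append((info.filename, "encrypted member, cannot inspect"))
                continue
            # Windows ignores trailing dots and spaces, so strip them before parsing.
            name = PurePosixPath(info.filename.rstrip(". "))
            suffixes = [s.lower() for s in name.suffixes]
            with zf.open(info) as fh:
                head = fh.read(4096)
            if is_pe(head):
                findings.append((info.filename, "PE executable content"))
            elif suffixes and suffixes[-1] in EXEC_EXT:
                findings.append((info.filename, "executable extension"))
            if len(suffixes) >= 2 and suffixes[-1] in EXEC_EXT and suffixes[-2] in DECOY_EXT:
                findings.append((info.filename, "double extension disguise"))
    return findings

def sample_zip() -> bytes:
    """Constructed sample: a harmless MZ/PE header stub named like an invoice."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2015.pdf.exe", stub)
        zf.writestr("readme.txt", "hello")
    return buf.getvalue()

if __name__ == "__main__":
    for member, reason in scan_zip(sample_zip()):
        print(f"{member}: {reason}")
```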
What do I have to do now?
Do not carry out any further sensitive transactions on your computer. There may be other malware on your system besides Xswkit. Use anti-virus software to perform a full scan of your system. If necessary, use an antivirus live CD such as EU Cleaner to remove Xswkit. If you still have concerns about whether the infection has been effectively removed, you should reset the device and reinstall the operating system. Back up your personal data before wiping the system. Once your system has been reset, change all your passwords, as the perpetrators may have been able to access them.
Short URL: https://www.bsi.bund.de/dok/8605878