Name of Malware: Bamital (Sheedash, Lavandos)

Type of Malware: Click fraud

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops

Impact: high

What is Bamital?

Bamital is a piece of malware that carries out fraudulent activity by imitating user behaviour, e.g. by clicking on an ad or visiting unwanted websites. Bamital works by intercepting Internet traffic and displaying false results for searches executed by the user. When users click on one of these false results, they are diverted to a fake page or a site controlled by attackers, which could contain additional malware.

How did I get infected with Bamital?

A system can be infected with this malware when a user visits a website that is owned by attackers. The user is diverted to other pages that contain malicious software packages; these packages are responsible for installing Bamital.

What do I have to do now?

Bamital is comprised of multiple components that can generally be hidden within the system without causing any symptoms of infection. To remove Bamital from a system, we recommend scanning the infected system with an anti-virus software package or using a live operating system to search for and remove Bamital components. Further information on removing this malware can be found under Removing infections from PCs, laptops etc.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.