Name of Malware: Pykspa (W32.Pykspa.A, W32.Pykspa.C, W32.Pykspa.D, W32.Pykspa.E, W32.Pykspa.F, Win.Worm.Pykspa-6057105)

Type of Malware: Worm, trojan

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops

Impact: medium

What is Pykspa?

Pykspa is a piece of malware that can be used to remotely control infected systems. It also enables attackers to
download other malware or extract personal data. There are a number of versions of this malware and it has been
developed over a long period of time. Some of the most recent versions of Pykspa are able to deactivate security systems such as anti-virus
programs.

How did I get infected with Pykspa?

Pykspa can be disseminated in a number of ways, including through malicious messages sent via Skype Messenger. The malware deliberately sends messages
and images that will entice the user to visit infected websites. The malware can also copy itself to removable media or
available drives to infect other systems.

What do I have to do now?

As the malware takes full control of the system and often hides your files, you may need to reformat or
reinstall your operating system.

Further information on removing this malware can be found under Removing infections from PCs, laptops etc.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.