Name of Malware: Suppobox (Bayrob, Nivdort)

Type of Malware: Trojan

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops

Impact:high

What is Suppobox?

Suppobox is a trojan that intercepts any network traffic connected with a monetary transaction when users buy or sell products online. The malware focuses on auction websites.

How did I get infected with Suppobox?

Suppobox infections can arise when a user has visited a fake version of a website relating to products that are sold in auction format. Criminals contact the victim when they see that the user has been drawn in by the auction, and exploit their interest to send the malware in an attachment disguished as information relating to the sale. The malware then leads the victim to make a legitimate purchase on the fake auction page and it obtains the financial details of the payment.

What do I have to do now?

Commercial anti-virus software can detect and block infections with generic versions of Suppobox malware. Victims should contact their local crime prevention authority to report the fraud.

Further information on removing this malware can be found under Removing infections from PCs, laptops etc.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.