Detect Date 11/20/2015
Class Trojan-Downloader
Platform Win32

Andromeda bot. The main function of this malware family is to download other malware, which is most often used to electronically spy on users and/or steal their banking information.

As it runs, Trojan-Downloader.Win32.Andromeda communicates with control servers and receives a set of commands to perform. The bot receives the URLs for downloading other malware from these servers as well. Often the bot is resistant to emulation, which complicates attempts to detect and analyze it. The capabilities of the bot can be expanded via downloadable modules.

Geographical distribution of attacks by the Trojan-Downloader.Win32.Andromeda family


Geographical distribution of attacks during the period from 20 November 2014 to 20 November 2015

Top 10 countries with most attacked users (% of total attacks)

#   Country      % of users attacked worldwide*
1   India        24.47
2   Vietnam      12.40
3   Iran         7.25
4   Algeria      5.67
5   Russia       4.33
6   Kazakhstan   3.68
7   Bangladesh   2.76
8   Indonesia    2.43
9   Mongolia     2.31
10  Mexico       2.17

* Percentage among all unique Kaspersky users worldwide who were attacked by this malware

