Andromeda bot. The main function of this malware family is to download other malware, which is most often used to electronically spy on users and/or steal their banking information.
As it runs, Trojan-Downloader.Win32.Andromeda communicates with control servers and receives a set of commands to perform. The bot receives the URLs for downloading other malware from these servers as well. Often the bot is resistant to emulation, which complicates attempts to detect and analyze it. The capabilities of the bot can be expanded via downloadable modules.
Geographical distribution of attacks by the Trojan-Downloader.Win32.Andromeda family
Geographical distribution of attacks during the period from 20 November 2014 to 20 November 2015
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide who were attacked by this malware