Malware in this family performs destructive actions on the user’s computer. When run, the program decrypts an auxiliary file contained inside its body, extracting the file to a temporary folder on the user’s computer. The extracted program sends a request to the attackers’ server. This server replies with a configuration file, which the program uses to continue its work.
Geographical distribution of attacks by the Trojan.Win32.Jorik family
Geographical distribution of detections during the period from 20 November 2014 to 20 November 2015
Top 10 countries with most attacked users (% of total attacks)
* Percentage of all unique Kaspersky users attacked by this malware