Risk: high
Damage: high
Platform(s): Microsoft® Windows OS
Advisory ID: ngCERT-2024-0020
Version: N/A
CVE: N/A
Published: June 6, 2024
ngCERT is aware of the resurgence of the Andromeda malware, also known as Gamarue, Wauchos and Andromeda Stealer, a Trojan with multiple malicious capabilities. Threat actors have used it to build a network of infected computers, the Andromeda botnet, which is then used to launch further attacks: distributing other malware such as ransomware and banking Trojans, and turning infected hosts into Distributed Denial of Service (DDoS) bots, spam bots and backdoors. Despite the takedown of the Andromeda botnet by US and European law enforcement agencies in 2017, new variants have been detected infecting systems worldwide, including in Nigeria. ngCERT advises individuals and organisations to take immediate steps to protect their systems and data from Andromeda and other malware threats.
Andromeda is a modular bot whose capabilities are extended through plugins, including keyloggers, rootkits, a TeamViewer-based remote access plugin and spreaders, which widen its attack chain and reach. It can infect systems through several routes: spear-phishing emails, drive-by downloads, infected cracks or keygens, removable drives, and malicious links. Once running, it uses anti-virtual-machine and anti-debugging techniques to evade analysis, enrols the host in the botnet, acts as a backdoor and steals sensitive information. It also receives commands from its command-and-control server to download and execute files, open remote shells, or uninstall itself from the system.
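The following PowerShell script is an added example, not part of the ngCERT advisory and not an Andromeda-specific indicator set. It triages the removable-drive infection vector listed above in a generic way: it flags autorun.inf files, hidden or system-flagged items at the drive root, and .lnk shortcuts whose target or arguments launch an executable or script (the usual USB spreader lure), then lists Run/RunOnce autostart entries so a dropped payload that persisted can be reviewed alongside the drive findings. It assumes an elevated PowerShell session on the host being inspected and only reports; it deletes nothing.

```powershell
# Added example (not from the ngCERT advisory): generic triage of the
# removable-drive spreading vector. Assumption: run elevated on the host
# under inspection. Report-only; nothing is modified or deleted.

$suspectExt = @('.exe', '.scr', '.com', '.pif', '.vbs', '.js', '.bat', '.cmd', '.dll')
$shell = New-Object -ComObject WScript.Shell

# DriveType 2 = removable disk (USB sticks, card readers)
$removable = Get-CimInstance Win32_LogicalDisk -Filter "DriveType = 2" |
    Where-Object { $_.DeviceID } | Select-Object -ExpandProperty DeviceID

foreach ($drive in $removable) {
    $root = "$drive\"
    Write-Host "== Inspecting $root"

    # Modern Windows no longer honours autorun.inf on USB media, but its
    # presence on a stick is still a strong sign that a spreader wrote it.
    $autorun = Join-Path $root 'autorun.inf'
    if (Test-Path -LiteralPath $autorun) {
        Write-Warning "autorun.inf present on $drive"
        Get-Content -LiteralPath $autorun | ForEach-Object { "    $_" }
    }

    # Hidden or system-flagged items at the root are a common way to hide
    # the real payload while a visible .lnk impersonates the folder or file.
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -match 'Hidden|System' } |
        ForEach-Object { Write-Warning ("Hidden/system item: {0} ({1})" -f $_.FullName, $_.Attributes) }

    # Resolve every shortcut and flag those whose target or arguments run an
    # executable/script rather than opening a document or folder.
    Get-ChildItem -LiteralPath $root -Force -Recurse -Filter '*.lnk' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            $target = $lnk.TargetPath
            $lnkArgs = $lnk.Arguments
            $ext = [System.IO.Path]::GetExtension($target).ToLower()
            if (($suspectExt -contains $ext) -or ($lnkArgs -match '\.(exe|scr|vbs|js|bat|cmd|dll)\b')) {
                Write-Warning ("Suspicious shortcut {0} -> {1} {2}" -f $_.FullName, $target, $lnkArgs)
            }
        }
}

# List autostart entries for review; a USB-delivered payload that survived
# reboot will usually have registered itself in one of these keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path -LiteralPath $key) {
        Write-Host "== $key"
        $props = Get-ItemProperty -LiteralPath $key | Select-Object -Property * -ExcludeProperty PS*
        foreach ($p in $props.PSObject.Properties) {
            "    {0} = {1}" -f $p.Name, $p.Value
        }
    }
}
```

Treat every warning as a lead for manual review rather than a verdict: legitimate software also writes Run keys, and some vendors ship shortcuts that call their own launcher executables. The value of the check is in reviewing a suspect stick or host quickly, before it is plugged into or left connected to other machines.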
A successful Andromeda infection could lead to:
ngCERT recommends the following: