Brand New Trojan Malware “Pandemiya” Written from Scratch


Attention: A brand new malware has hit the Trojan scene – they call it Pandemiya.

Reportedly written from scratch and consisting of more than 25,000 original lines of code, it is selling on underground markets for $1500-$2000. Those who have discovered Pandemiya report that the malware took over a year to write, but in the wake of last week’s FBI crackdown on CryptoLocker and Zeus Pandemiya’s popularity and distribution is likely to surge.

Pandemiya’s Powers

Pandemiya is a completely original malware, meaning it has been built with completely original code. This is a rare development in malware-land, as doing so requires a great deal of criminal-commitment and work. Usually, malware “authors” just borrow bits and pieces of code from other pre-existing malware; and, in recent years that pre-existing malware has usually been Zeus. Last week’s international Zeus bust has thrown somewhat of a wrench in that strategy, however, and in response we are now seeing the high price emergence of the Trojan Pandemiya.

Accordingly, Pandemiya’s capabilities are relatively standard:

  • Steal user credentials through injected web forms and log-in pages
  • Steal user files with File Grabber
  • Take screenshots of infected computer

Additionally, Pandemiya utilizes a modular design, meaning it can be expanded upon with for-purchase plug-ins – much like you would do with your web browser. This final capability suggests that the malware has been created with a large-scale economy and distribution network in mind. Most notably, an experimental Facebook spreader plug-in has already been discovered.

How to Avoid Pandemiya

Initial research indicates that, like most Trojans, Pandemiya is being distributed through drive-by download websites that automatically initiate install. As such, users should remain vigilant against mysterious links found on social networks or delivered via email.

For added defense, Emsisoft Anti-Malware’s Surf Protection technology can automatically prevent connection to drive-by websites that install Pandemiya.

More on Pandemiya

Pandemiya was discovered by researchers at RSA Security. They have produced a detailed technical analysis of this new malware on their blog.

Notably, researchers write that Pandemiya utilizes a number of advanced features that will unfortunately bolster the malware’s perniciousness. Both encrypted server communication and a function that injects Pandemiya into every newly opened Windows process of an infected computer are among these capabilities.

Most importantly, the blog entry also contains detailed Pandemiya removal instructions for advanced users.

As always, anyone who believes they may be infected by this Trojan is encouraged to contact Emsisoft Support for assistance. Malware removal is free, even if you are not an Emsisoft customer yet.


Have a Great (Malware-Free) Day!