‘Andromeda’ or ‘Gamarue’ is one of the latest backdoor-type malware variants, found to be spreading at a rate of millions of computers per month. An international takedown operation led by the FBI together with the European Cybercrime Centre (EC3) was conducted against Andromeda last year. Even so, remnants of this malware are believed to remain on numerous computing devices.



By mainly targeting Windows operating systems, the Andromeda botnet makes infected computing systems part of its network. The botnet then distributes other threats from the malware families associated with Andromeda, which are believed to number around 80, such as ransomware (e.g. Petya, Cerber, Troldesh), banking trojans (Ursnif, Fareit and Carberp), DDoS malware (e.g. Fareit, Kasidet), spam bots (e.g. Cutwail, Lethic), backdoors, etc.

Andromeda works as a backdoor that can receive commands from its control server to download and execute files, open remote shells, or uninstall itself from the system. The most common infection vectors used by this malware are spear-phishing emails, drive-by downloads, infected cracks (such as keygens: programs that generate a product licensing key such as a serial number), removable drives, malicious links in social media messages, exploit kits (for example Blacole), etc.


Some other highlights of Andromeda attacks are:

  • It resides in memory.
  • It can steal sensitive information (such as operating system details, the local IP address, the root volume serial number, etc.).
  • It is modular (i.e. its functionality can be extended via plugins such as a keylogger, rootkit, TeamViewer, spreader, etc.).
  • It is capable of using anti-virtual-machine as well as anti-debugging techniques.
  • Indicators of compromise include: file system changes, the creation of a new instance of some process into which the malware injects itself, registry changes, connectivity from the malware to certain networks, etc.
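The indicators listed above (file system changes, registry changes, a new instance of a process) are easiest to act on when a host can be compared against a known-good baseline. The following is an added example, not code from the original article: it diffs two host snapshots and reports new or modified persistence entries and process anomalies. The snapshot layout and all paths, hashes and registry keys are constructed for illustration; in practice the snapshots would come from an endpoint agent or inventory tool.

```python
"""Compare a baseline host snapshot with a current one and report the kinds
of change the article lists as indicators of compromise: file system
changes, registry changes and new instances of processes.

Added example (not from the original article). Snapshot format assumed here:
  "files":     {path: content_hash}
  "registry":  {key\\value_name: data}
  "services":  {service_name: binary_path}
  "processes": [(image_name, image_path), ...]
"""
from collections import Counter

PERSISTENCE_SECTIONS = ("files", "registry", "services")


def diff_section(baseline, current):
    """Return added / removed / changed keys between two {name: value} maps."""
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    changed = sorted(k for k in current if k in baseline and current[k] != baseline[k])
    return {"added": added, "removed": removed, "changed": changed}


def process_anomalies(baseline_procs, current_procs):
    """Flag process names with more running instances than the baseline had,
    and instances whose image path was never seen for that name before."""
    base_count = Counter(name for name, _ in baseline_procs)
    cur_count = Counter(name for name, _ in current_procs)
    extra_instances = sorted(n for n, c in cur_count.items() if c > base_count.get(n, 0))

    known_paths = {}
    for name, path in baseline_procs:
        known_paths.setdefault(name, set()).add(path.lower())
    unexpected_paths = sorted(
        (name, path)
        for name, path in current_procs
        if name in known_paths and path.lower() not in known_paths[name]
    )
    return {"extra_instances": extra_instances, "unexpected_paths": unexpected_paths}


def compare_snapshots(baseline, current):
    """Produce a per-section report of what changed since the baseline."""
    report = {
        s: diff_section(baseline.get(s, {}), current.get(s, {}))
        for s in PERSISTENCE_SECTIONS
    }
    report["processes"] = process_anomalies(
        baseline.get("processes", []), current.get("processes", [])
    )
    return report


def is_suspicious(report):
    """True if a persistence location gained or changed an entry, or a process
    anomaly was seen. Removals alone are reported but not scored."""
    for s in PERSISTENCE_SECTIONS:
        if report[s]["added"] or report[s]["changed"]:
            return True
    p = report["processes"]
    return bool(p["extra_instances"] or p["unexpected_paths"])


# Constructed snapshots (illustrative values only, not real indicators).
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
TEMP_DIR = r"C:\Users\alice\AppData\Local\Temp"

BASELINE_SNAPSHOT = {
    "files": {r"C:\Windows\System32\svchost.exe": "hash-0001"},
    "registry": {RUN_KEY + r"\OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    "services": {"Spooler": r"C:\Windows\System32\spoolsv.exe"},
    "processes": [
        ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
        ("msiexec.exe", r"C:\Windows\System32\msiexec.exe"),
    ],
}

# Same host later: a new file in the temp directory, a new Run entry pointing
# at it, and a second msiexec.exe running from an unexpected location.
CURRENT_SNAPSHOT = {
    "files": dict(BASELINE_SNAPSHOT["files"], **{TEMP_DIR + r"\upd.exe": "hash-ffff"}),
    "registry": dict(BASELINE_SNAPSHOT["registry"], **{RUN_KEY + r"\Updater": TEMP_DIR + r"\upd.exe"}),
    "services": dict(BASELINE_SNAPSHOT["services"]),
    "processes": BASELINE_SNAPSHOT["processes"] + [("msiexec.exe", TEMP_DIR + r"\msiexec.exe")],
}

if __name__ == "__main__":
    rep = compare_snapshots(BASELINE_SNAPSHOT, CURRENT_SNAPSHOT)
    print("suspicious:", is_suspicious(rep))
    print(rep)
```

Running the block prints `suspicious: True` along with the new temp file, the new Run entry, and `msiexec.exe` flagged both for an extra instance and for an unexpected image path; comparing the baseline with itself reports nothing. A "changed" hash on an existing system binary would be scored the same way as an added entry.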

Countermeasures to prevent an Andromeda attack can be listed as:

  1. Enable an efficient personal firewall on the workstation.
  2. Disable autorun/autoplay policies.
  3. Restrict administrative access to system administrators and administrative systems; give ordinary users limited-privilege accounts.
  4. Implement a strong password policy with routine password changes.
  5. Disable unnecessary services on agency workstations and servers.
  6. Always change default login credentials before production deployment.
  7. Avoid downloading pirated software, and be wary of social engineering attacks, untrusted websites, emails from untrusted sources and unexpected emails from trusted sources.
  8. Monitor traffic from client machines to domains / IP addresses, as per the installation guidelines.
  9. Remove the system changes (such as created files, registry entries, services, etc.) made by the attack.
  10. Ensure the latest, updated antivirus solution is available to scan for infections, if any.
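Countermeasure 8, monitoring traffic from client machines to domains and IP addresses, is more useful if it catches regular check-ins to a control server as well as known-bad destinations. The following is an added example, not code from the original article: it parses proxy log lines, flags contacts with a blocklist, and reports destinations that a client contacts at near-constant intervals (beaconing). The log format, the blocklist entries, the hostnames, the addresses and the log lines are all constructed for illustration and are not real Andromeda indicators.

```python
"""Flag blocklisted destinations and periodic beaconing in proxy logs.

Added example (not from the original article). Log line format assumed here:
    <ISO-8601 timestamp> <client IPv4> <destination host or IP> <bytes>
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed blocklist: placeholder values standing in for the domains /
# IP addresses an organisation's installation guidelines would list.
BLOCKLIST = {"c2.example-bad.test", "203.0.113.45"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d+\.\d+\.\d+\.\d+)\s+(?P<dest>\S+)\s+(?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "client": m["client"],
        "dest": m["dest"].lower(),
        "bytes": int(m["bytes"]),
    }


def find_blocklisted(records):
    """(client, destination) pairs where the destination is on the blocklist."""
    return sorted({(r["client"], r["dest"]) for r in records if r["dest"] in BLOCKLIST})


def find_beacons(records, min_hits=4, max_jitter=0.2):
    """(client, destination, mean interval in seconds) for destinations a client
    contacts at near-constant intervals. Jitter is the coefficient of variation
    of the gaps between successive contacts: scheduled check-ins with a control
    server have low jitter, interactive browsing does not."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["client"], r["dest"])].append(r["ts"])

    beacons = []
    for (client, dest), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            beacons.append((client, dest, round(mean)))
    return sorted(beacons)


def analyse(lines):
    """Run both checks over raw log lines, silently skipping unparseable ones."""
    records = [r for r in (parse_line(line) for line in lines) if r]
    return {"blocklisted": find_blocklisted(records), "beacons": find_beacons(records)}


# Constructed sample log: 10.0.0.5 contacts a blocklisted host roughly every
# 300 seconds, while 10.0.0.7 browses a normal site at irregular times.
SAMPLE_LOG = [
    "2022-05-01T09:00:00 10.0.0.5 c2.example-bad.test 512",
    "2022-05-01T09:05:01 10.0.0.5 c2.example-bad.test 520",
    "2022-05-01T09:09:59 10.0.0.5 c2.example-bad.test 515",
    "2022-05-01T09:15:00 10.0.0.5 c2.example-bad.test 510",
    "2022-05-01T09:00:12 10.0.0.7 www.example.com 4096",
    "2022-05-01T09:01:40 10.0.0.7 www.example.com 8192",
    "2022-05-01T09:31:03 10.0.0.7 www.example.com 2048",
    "2022-05-01T09:33:00 10.0.0.7 www.example.com 1024",
    "2022-05-01T09:20:00 10.0.0.5 updates.example.org 65536",
    "this line is malformed and is skipped",
]

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The beacon check deliberately ignores the blocklist, so it can surface a control server that has not been catalogued yet; the threshold of four contacts and 20% jitter are starting values to tune against the site's own traffic, since some legitimate software (update agents, monitoring probes) also polls on a fixed schedule and would need to be allowlisted.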


In this digital era of fast technological advancement and increased security threats, Andromeda attacks, like any other security threat, need effective management.

