Andromeda (trojan)

Andromeda is a modular trojan which was first spotted in 2011. The behavior of this malware is its capability of checking whether it is being executed or debugged in a virtual environment by using anti-virtual machine techniques. It downloads other malware from its control servers, often in order to steal information from infected computers. The most affected countries are India (24%), Vietnam (12%) and Iran (7%).

Andromeda has been heavily linked to phishing campaigns, spam email attachments, illegal software downloads and various exploit kits as a means of distribution. Research into the malware design has revealed that it contains many similarities to the source code of zbot/zeus.