
Win32:Citadel-K

By Domesticus in Trojans

Threat Scorecard

Ranking: 16,437
Threat Level: 80 % (High)
Infected Computers: 2
First Seen: November 9, 2012
Last Seen: July 1, 2023
OS(es) Affected: Windows

Win32:Citadel-K is a variant of the infamous Citadel Trojan and is part of a poorly executed email spam scam that uses fake email messages purporting to come from Vodafone. However, the Win32:Citadel-K Trojan itself is derived from an extremely dangerous Trojan family that is based on the code of the Zeus Trojan family. This family of malware typically has backdoor capabilities and advanced keylogging abilities that allow these Trojans to steal information related to online banking and credit cards, including bank account numbers, passwords and other sensitive information. ESG malware analysts consider the Win32:Citadel-K Trojan a severe threat to your computer, even though the particular variant delivered by the fake Vodafone email is nearly harmless because the scam is so poorly implemented.

Malware belonging to Win32:Citadel-K's family of banking Trojans is known for containing some of the most advanced functions of the Zeus Trojan, such as capturing keystrokes, monitoring activity on banking websites, and scanning files on the infected computer for data associated with online passwords or credit card numbers. However, the Citadel Trojan family also includes additional updates that make Citadel Trojans more difficult to deal with and remove. This is because criminals have taken the code of the Zeus Trojan, updated it and packaged it in a form that allows them to sell it to other scammers while providing support and additional features. ESG security researchers have observed that variants of the Citadel Trojan (which include the Win32:Citadel-K Trojan) may have one or more of the following attributes that are not present in the Zeus family of malware:

  • Win32:Citadel-K variants may attack particular web browsers more effectively. For example, ESG security researchers have observed that Citadel variants are more effective at attacking Google Chrome than basic Zeus Trojan variants.
  • Win32:Citadel-K may also be markedly more effective than other variants at detecting and evading security software on the victim's computer.
  • One curious aspect of Win32:Citadel-K variants is that the Citadel Trojan often includes components that prevent it from attacking computers with Ukrainian or Russian keyboard layouts, which suggests that this Trojan originates from those regions.

Win32:Citadel-K is typically distributed through email or social media spam. Because of this, one of the most effective ways of preventing Win32:Citadel-K infections is to use a strong spam email filter that stops these malicious email messages from reaching your inbox in the first place. The sample listed below uses a double extension (.jpg.exe) so that the executable appears to be an image, a pattern that attachment filtering can flag on its own.

File System Details

Win32:Citadel-K may create the following file(s):
# | File Name | Detections
1 | Vodafone_MMS.jpg.exe | -
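The file listed above disguises an executable as an image with a double extension. The following is an added example, not code from this page or from ESG, of a mail-gateway check that flags that file name and the same double-extension pattern in other attachment names; the extension lists, the `classify_attachment` and `scan_log` names, and the sample log lines are assumptions constructed for illustration.

```python
# Extensions Windows will run directly; the page's sample ends in ".exe".
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Extensions a dropper pairs with an executable one to look like media or a document.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "txt"}
# File name listed on this page (compared case-insensitively).
KNOWN_BAD_NAMES = {"vodafone_mms.jpg.exe"}


def classify_attachment(name: str) -> str:
    """Return 'known', 'disguised', 'executable' or 'ok' for an attachment name."""
    lowered = name.strip().lower()
    if lowered in KNOWN_BAD_NAMES:
        return "known"
    parts = lowered.split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"                      # not executable by extension
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "disguised"               # e.g. photo.jpg.exe
    return "executable"                  # plain executable attachment


# Constructed mail-gateway log lines (not real traffic): "<sender> <attachment>"
SAMPLE_LOG = """\
alerts@example.invalid Vodafone_MMS.jpg.exe
newsletter@example.invalid monthly_report.pdf
hr@example.invalid photo.JPG.scr
it@example.invalid setup.exe
"""


def scan_log(text: str) -> list[tuple[str, str]]:
    """Return (attachment, verdict) for every logged attachment that is not 'ok'."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _sender, attachment = line.split(maxsplit=1)
        verdict = classify_attachment(attachment)
        if verdict != "ok":
            findings.append((attachment, verdict))
    return findings


if __name__ == "__main__":
    for attachment, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:10s} {attachment}")
```

A production filter would also inspect the attachment's content type and magic bytes rather than trusting the name alone.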
