Also known as: Horabot spam tool, Horabot bot
Category: Malware
Type: Banking trojan, phishing botnet
Platform: Windows
Variants: Win32:Trojan-gen, Trojan.GenericKD.67338119, Trojan:Win32/Casdet!rfn
Damage potential: Stolen credentials, data theft, financial loss, network spread, backdoor capabilities
Overview
The Horabot trojan is malicious software that functions both as a banking trojan and a phishing botnet. This dual functionality allows Horabot to steal the victim's credentials and financial information, access their email accounts, and send phishing emails with malicious attachments to all contacts in the victim's mailbox. While most other trojans have a broader reach, Horabot specifically targets Spanish-speaking users in the Americas.
Possible symptoms
Horabot shows signs similar to those of other trojans, such as:
- Unauthorized access to online accounts
- Noticeable increase in pop-ups and redirects
- Sluggish computer performance
- Frequent crashes and system restarts
- Increased disk activity
Sources of infection
You might inadvertently download the Horabot trojan onto your device by:
- Opening links or attachments in phishing emails
- Clicking on malicious ads
- Visiting compromised websites
- Downloading files from peer-to-peer networks or software from unofficial sources
- Using USB drives and other removable media infected with Horabot
Protection
Trojans like Horabot can cause severe damage, so it’s crucial to stay vigilant online.
- Avoid opening links or attachments in suspicious emails.
- Block malicious websites and ads with NordVPN’s Threat Protection Pro.
- Install a reputable antivirus or anti-malware solution.
- Make sure your operating system and other software you use are updated.
- Use complex passwords and enable two-factor authentication (2FA) to add extra security to your online accounts.
- Consider using a firewall to block malicious traffic.
Removal
Here’s a step-by-step guide to help you get rid of the Horabot trojan using reliable antivirus or anti-malware software. If you’re not confident handling the removal yourself, you should get help from an IT professional.
- Disconnect from the internet.
- Enter Safe Mode. You can do so by restarting your computer and pressing the F8 key before the Windows logo appears.
- Back up important data.
- Run a full system scan.
- Remove infected files by following the instructions of your antivirus or anti-malware program.
- Restart your computer.
- Change your passwords, especially the ones for your online banking and email accounts.
- Watch out for any suspicious activity on your banking accounts and emails.