Ramdo

Category: click_fraud · Aliases: None known · Sample count (EMBER 2018): 8 · Enrichment: hand-curated · Updated: 2026-05-27

Overview

Ramdo is a click-fraud trojan family that uses infected machines to generate fraudulent ad clicks, draining advertising budgets and inflating ad-network metrics. It uses encrypted command-and-control communication and a modular plugin architecture. Symantec disrupted Ramdo infrastructure in 2015.

MITRE ATT&CK Techniques

This family has been observed using the following ATT&CK techniques: T1547.001, T1071.001

Frequently Asked Questions

What is Ramdo?

Ramdo is a click-fraud trojan family that uses infected machines to generate fraudulent ad clicks, draining advertising budgets and inflating ad-network metrics. It uses encrypted command-and-control communication and a modular plugin architecture. Symantec disrupted Ramdo infrastructure in 2015.

How does Ramdo spread?

Ramdo is a click-fraud trojan distributed through exploit kits and pay-per-install affiliate networks, generating fraudulent ad clicks from infected hosts.

What are the signs of a Ramdo infection?

Signs of infection include sustained background HTTP traffic to ad networks while no browser is open, high CPU usage from hidden processes, and antivirus detections that reference Ramdo.

What should I do if I think I have Ramdo on my system?

If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.

Machine-readable

Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/ramdo.json

About this catalog

This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.