Tofsee

Category: spam_bot · Aliases: gheg · Sample count (EMBER 2018): 264 · Enrichment: hand-curated · Updated: 2026-05-27

Overview

Tofsee, also known as Gheg, is a long-running spambot that infects machines to send pharmaceutical, dating, and cryptocurrency spam. Active since 2008, Tofsee continues to be observed and is notable for its use of peer-to-peer protocols and resilience to takedowns.

MITRE ATT&CK Techniques

This family has been observed using the following ATT&CK techniques: T1071.001 (Application Layer Protocol: Web Protocols) and T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder).

Frequently Asked Questions

What is Tofsee?

Tofsee, also known as Gheg, is a long-running spambot that infects machines to send pharmaceutical, dating, and cryptocurrency spam. Active since 2008, Tofsee continues to be observed and is notable for its use of peer-to-peer protocols and resilience to takedowns.

How does Tofsee spread?

Tofsee is a multi-purpose botnet that spreads through other malware droppers, Skype messages, and exploit kits.

What are the signs of a Tofsee infection?

Common indicators include outbound spam traffic, click-fraud HTTP requests, and DDoS traffic originating from the infected host, along with antivirus detections named Tofsee or Gheg.

What should I do if I think I have Tofsee on my system?

If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.

Machine-readable

Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/tofsee.json

About this catalog

This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.