Vobfus is a worm family that spreads through removable drives by creating LNK shortcut files that execute the worm when clicked. It downloads additional payloads, typically info-stealers and banking trojans, and modifies registry settings to hide files and disable security tools. Vobfus is a common finding in environments with weak USB controls.
This family has been observed using the following ATT&CK techniques: T1091 T1547.001
Vobfus is a worm family that spreads through removable drives by creating LNK shortcut files that execute the worm when clicked. It downloads additional payloads, typically info-stealers and banking trojans, and modifies registry settings to hide files and disable security tools. Vobfus is a common finding in environments with weak USB controls.
Vobfus (Beebone) spreads through infected removable drives using autorun.inf and downloads additional malware as a loader.
Hidden folders on USB drives replaced by shortcut LNK files, autorun.inf creation on removable media, and AV detections for Vobfus, Beebone, or Changeup indicate infection.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/vobfus.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.