Citadel is a toolkit for distributing malware and managing botnets making it super easy to produce ransomware and infect systems one after another with pay-per-install programs.   Citadel is designed to steal credit card / bank account numbers and login credentials while adding the computer to the Citadel botnet to use it as a base of attack on other machines. 

Citadel is installed on a victim’s computer with a drive-by-download attack most often using the Blackhole exploit kit. The Blackhole exploit kit is a cloud based pay for service malware or malware as a service (MaaS) platform that installs web browser exploits on unsecured web servers for the purpose of installing malware on victims computers. When a user visits an infected website Blackhole exploits a vulnerability in the user’s web browser to install Citadel. Citadel then installs Reveton, a very bad ransomware virus.

Citadel Trojan Malware


Is Your Network Vulnerable To Ransomware Attacks?

Find out now with KnowBe4's Ransomware Simulator "RanSim", get your results in minutes.
Get RanSim!

« Back To Ransomware Knowledgebase


Get the latest about social engineering

Subscribe to CyberheistNews