The Bayrob trojan, also known as Nivdort, was reportedly discovered in March 2007 and has been lying dormant for nine years until its reemergence in January 2016. Bayrob is delivered via email spam or file transfer programs to exfiltrate personal and financial data from victims’ machines. Slightly modified to maintain persistence and avoid detection, Bayrob obfuscates its code with useless lines of code and infects machines by downloading multiple copies of itself into a system folder. Each copy then generates a new system process and runs its own set of malicious tasks. Bayrob also avoids detection on infected machines by encrypting the data it has exfiltrated from its victims.


  • January 2016: ‘Application not compatible’: Bayrob may be stealing your info. (Welivesecurity)
  • May 2016: Ancient Bayrob backdoor trojan resurfaces after nine years with updated versions. (Softpedia)
  • October 2016: Nivdort, a long lasting threat, is gaining momentum. (Anubisnetworks)

Technical Information

  • Fortinet provides technical details on the Bayrob trojan, available here.