Bedep is a trojan that opens a backdoor on a compromised system, giving a malicious actor full control over the system and the ability to download additional malware. Once executed, Bedep can facilitate the theft of information or be used to perform click fraud, visiting specific websites for financial gain. According to TrendMicro, the Bedep trojan is also used to turn infected systems into botnets for other malicious activities. Users are typically infected with Bedep through exposure to malicious advertising (malvertising) or exploit kits on compromised websites. When a user visits a webpage hosting a malvertisement, an exploit kit (EK) such as Angler or Hanjuan identifies a vulnerability on the user's machine and exploits it to deliver Bedep. According to F-Secure, Bedep creates a hidden virtual desktop on the victim's computer, with an instance of Internet Explorer that is used to view unsolicited websites. Bedep has primarily targeted victims in the United States, followed by Japan.
- February 2015: Bedep infected users through the Hanjuan EK by exploiting an Adobe Flash Player zero-day vulnerability using SWF_EXPLOIT.MJST. (TrendMicro)
- April 2015: Bedep was used to spread pro-Russia propaganda. (SpiderLabs Blog)
- December 2015: Bedep was spreading through Angler EK exploiting a WordPress vulnerability on The Independent and Reader's Digest websites. (InfoSecurity Magazine)
- March 2016: Angler EK infected victims with the Bedep trojan and TeslaCrypt ransomware. (eSecurity Planet)
- May 2016: The Bedep trojan was distributing CryptXXX ransomware via Angler EK. (InfoSecurity Magazine)