Citadel is a toolkit for distributing malware and managing botnets. It makes it very easy to produce ransomware and to infect systems one after another through pay-per-install programs. Citadel is designed to steal credit card numbers, bank account numbers and login credentials, while also adding the infected computer to the Citadel botnet so it can be used as a base for attacks on other machines.
Citadel is installed on a victim's computer through a drive-by-download attack, most often using the Blackhole exploit kit. Blackhole is a cloud-based, pay-for-service malware platform, also known as malware as a service (MaaS), that installs web browser exploits on unsecured web servers for the purpose of installing malware on victims' computers. When a user visits an infected website, Blackhole exploits a vulnerability in the user's web browser to install Citadel. Citadel then installs Reveton, a particularly nasty piece of ransomware.