Jun 8, 2026
C2 Hosts: 1
Tofsee
Also known as: Gheg
According to PCrisk, Tofsee (also known as Gheg) is a malicious Trojan-type program that is capable of performing DDoS attacks, mining cryptocurrency, sending emails, stealing various account credentials, updating itself, and more.
Cyber criminals mainly use this program as an email-oriented tool (they target users' email accounts), however, having Tofsee installed can also lead to many other problems.
C2 Infrastructure
Hosting/VPS 100%
Last 7 days
| Date | C2 Hosts |
|---|---|
| Jun 8, 2026 | 1 |
Further Reading
Information on GovCERT opens in a new tab
govcert.ch
How To Guide | Neutralizing Tofsee Spambot â Part 1 | Binary file vaccine | Spamhaus Technology opens in a new tab
spamhaus.com
How To Guide | Neutralizing Tofsee Spambot â Part 2 | InMemoryConfig store vaccine | Spamhaus Technology opens in a new tab
spamhaus.com
How To Guide | Neutralizing Tofsee Spambot â Part 3 | Network-based kill switch | Spamhaus Technology opens in a new tab
spamhaus.com
Virus Bulletin :: Tofsee botnet opens in a new tab
The spam botnet Tofsee can be divided into three components: loader, core module and plug-ins. Ryan Mi describes how the components communicate with the C&C server, and how they work with one another.
virusbulletin.com
Terror EK via Malvertising delivers Tofsee Spambot opens in a new tab
Summary: This was a great find, Terror EK in the wild from malvertising. The landing page appeared to be in the compromised site itself and was not loaded from an iframe, etc. The site just display…
zerophagemalware.com