Rombertik is spyware designed to steal confidential information from targets using Internet Explorer, Firefox, or Chrome running on Windows computers.
If Rombertik detects a modification in the compile time or binary resource in memory, it attempts to overwrite the Master Boot Record (MBR) on the primary hard drive.
This directory encryption technique is similar to ransomware, but Rombertik does not attempt to extort money from its victims.[4]
Once installed, it injects code into running processes of Internet Explorer, Firefox, and Chrome.
The injected code intercepts web data before it is encrypted by the browser, and forwards it to a remote server.
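The MBR overwrite described above can be caught by comparing sector 0 of the primary drive against a baseline recorded while the system was known good. The following is an added example, not code from the original page; the function names are hypothetical and the sector bytes are constructed samples, not a real disk or Rombertik's actual output.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # partition table follows 446 bytes of boot code
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def parse_partitions(sector):
    """Decode the four 16-byte partition entries, skipping unused slots."""
    parts = []
    for i in range(4):
        # status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if ptype != 0:
            parts.append({"slot": i, "status": status, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts

def check_mbr(sector, baseline_sha256):
    """Return a list of findings; an empty list means the MBR matches."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is %d bytes, expected %d" % (len(sector), SECTOR_SIZE)]
    findings = []
    if hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("hash differs from baseline")
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 55 AA missing")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table is empty")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d has invalid status byte" % p["slot"])
    return findings

def build_sample_mbr():
    """Constructed sample: stub boot code plus one active NTFS partition."""
    boot_code = b"\xfa\x33\xc0".ljust(TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return boot_code + entry + bytes(48) + BOOT_SIGNATURE

if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = hashlib.sha256(clean).hexdigest()
    # Constructed tamper case: boot code and partition table zeroed out.
    tampered = bytes(510) + BOOT_SIGNATURE
    print("clean   :", check_mbr(clean, baseline))
    print("tampered:", check_mbr(tampered, baseline))
```

On a live Windows host the 512 bytes would be read from `\\.\PhysicalDrive0` with administrator rights; the baseline hash must be stored off the monitored machine.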