Upatre is a trojan downloader, was first spotted in August 2013, after the fall of Blackhole Exploit Kit. Its variants usually arrive onto systems as malicious files attached to spammed messages, or as a link to a malicious website hosting the malware itself.

Upatre malware, upon installation,, will download and execute additional malware on the affected system. Some of the downloaded malware by Upatre are Zeus, Cryptolocker, Dyre and Rovnix variants. Such malware severely compromises the security of the system they affect, and in Cryptolocker's case, render it useless due to its file-encrypting routines.

New variants of Upatre are now capable of stealing system information such as the affected system’s computer name and operating system.