In the past few weeks, Trend Micro researchers have become aware that the Russian cybercriminal underground has been overflowing with offers for a new kind of information-stealing malware. These new malware variants pose as agent programs used by Russian social networking sites, such as Odnoklasniki and Vkontakte. (Agent programs are programs used by some websites to allow users to log into their services without having to start their browser.)
A group of cybercriminals interested in stealing the login credentials of the users of these target sites would provide the authors of these new fake agent programs an email address or an ICQ number where the stolen credentials would be placed. These “authors” would then be responsible for distributing their malware to users.
Users who did download and run these fake agents would be presented with an interface similar or identical to legitimate agent programs.
Upon users would attempt to enter their login credentials by using these fake agents, they would receive a message that the connection to the server has failed. In reality, the credentials have been captured and sent to the cybercriminals via the supplied email address or ICQ number. This threat is detected and removed by Trend Micro as TSPY_FKANTAKTE.A.