1:59 am (UTC-7) | by Alvin John Nieto (Threat Response Engineer)
There is another reason why users should be wary of downloading files from file sharing sites – they host PASSTEAL variants. PASSTEAL, as you may recall, are malware using password recovery tools to steal information stored in Internet browsers. This technique is a deviation from previous infostealers that log keystrokes to gather data from infected systems.
Using feedback from the Trend Micro Smart Protection Network™, we found that several PASSTEAL malware use social engineering lures such as variants disguised as key generators for paid applications or are bundled with tampered paid-installer application as shown below:
This indicates that PASSTEAL authors’ are targeting file sharers and downloaders who frequently use BitTorrent or visit file hosting sites to get hold of illegal copies of software. Other variants were also found disguised as e-book versions of popular Young Adult (YA) novels.
Another variant, detected as TSPY_PASSTEAL.B, uses the password recovery tool “WebBrowserPassView” instead of “PasswordFox”, to steal credentials stored in major browser apps such as Internet Explorer ver. 4.0-8.0, Mozilla Firefox 1.x-4.x, Google Chrome, and Apple Safari. So it isn’t a far-off idea to say that certain PASSTEAL variants in the wild are using other password recovery tools to target and retrieve user credentials from specific web apps.
Malware hosted on file sharing sites, unfortunately, is not a new trend in the threat landscape. Previously, ZACCESS variants were found disguised as keygen apps, game installers, and movie files hosted on such sites. ZACCESS is a malware family known for its rootkit technology, making it difficult to remove from infected systems. This malware is also the top malware when it comes to number of infections during the 3Q of 2012.
Chances are, cybercriminals are using the popularity of these novels and movies (not to mention the appeal of illegal downloading) to target as many users as possible. Thus, users are advised to be extra-careful when downloading files from any websites like file sharing sites.
Most users have a “One-size fits all” mentality when it comes to creating passwords for their online accounts. Though using the same password across sites can certainly help users to remember passwords, this however increases the risk of information theft. For better security, users must use different login credentials for their accounts and create strong and easy-to-remember passwords.
Some browsers offer features that can help users protect their information. In particular, Mozilla Firefox offers a master password feature that enables encryption to prevent password recovery tools to easily access account information stored in browsers.
There are other services that can help users protect and manage their passwords. Trend Micro DirectPass manages passwords for multiple services and effectively blocks malware with info theft routine such as those used by PASSTEAL. Trend Micro protects users from via Smart Protection Network, which detects and deletes PASSTEAL variants if found on user’s system.
Share this article