TrendLabs Malware Blog - Trend Micro

There is another reason why users should be wary of downloading files from file sharing sites: they host PASSTEAL variants. PASSTEAL, as you may recall, is a malware family that uses password recovery tools to steal credentials stored in web browsers. This technique departs from earlier infostealers, which logged keystrokes to gather data from infected systems.

Using feedback from the Trend Micro Smart Protection Network™, we found that several PASSTEAL malware use social engineering lures: some variants are disguised as key generators for paid applications, while others are bundled with tampered installers of paid applications, as shown below:

This indicates that PASSTEAL authors are targeting file sharers and downloaders who frequently use BitTorrent or visit file hosting sites to get hold of illegal copies of software. Other variants were also found disguised as e-book versions of popular Young Adult (YA) novels.

Another variant, detected as TSPY_PASSTEAL.B, uses the password recovery tool “WebBrowserPassView” instead of “PasswordFox” to steal credentials stored in major browsers such as Internet Explorer 4.0-8.0, Mozilla Firefox 1.x-4.x, Google Chrome, and Apple Safari. It is therefore not far-fetched to expect that other PASSTEAL variants in the wild are using further password recovery tools to retrieve user credentials from specific web applications.
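As an added example (not code from the original post), the following Python routine scans constructed process-creation records for the two password recovery tools named above and for renamed copies launched with a silent-export switch; the sample paths, the export-switch list (taken from the NirSoft-style tools' command-line conventions) and the Downloads/Temp directory heuristic are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Constructed process-creation records (not real telemetry):
# parent image | child image | child command line
SAMPLE_EVENTS = """\
C:\\Windows\\explorer.exe|C:\\Users\\a\\Downloads\\keygen.exe|keygen.exe
C:\\Users\\a\\Downloads\\keygen.exe|C:\\Users\\a\\AppData\\Local\\Temp\\wbpv.exe|wbpv.exe /stext C:\\Users\\a\\AppData\\Local\\Temp\\o.txt
C:\\Windows\\explorer.exe|C:\\Program Files\\Mozilla Firefox\\firefox.exe|firefox.exe
C:\\Users\\a\\Downloads\\ya_novel.exe|C:\\Users\\a\\AppData\\Local\\Temp\\PasswordFox.exe|PasswordFox.exe
C:\\Windows\\explorer.exe|C:\\Tools\\WebBrowserPassView.exe|WebBrowserPassView.exe
"""

# Recovery tools named in the post; PASSTEAL bundles them, often under a renamed file.
RECOVERY_TOOLS = {"webbrowserpassview.exe", "passwordfox.exe"}
# Silent-export switches of NirSoft-style recovery tools (assumption for this example):
# a renamed copy still needs one of these to dump credentials to a file with no window.
EXPORT_SWITCH = re.compile(r"(?:^|\s)/s(?:text|html|verhtml|xml|comma|tab|tabular)\b", re.I)
# Locations a freshly downloaded keygen or fake installer typically runs from.
UNTRUSTED_DIR = re.compile(r"\\(?:Downloads|Temp)\\", re.I)


@dataclass
class Alert:
    child: str
    severity: str
    reason: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def scan_events(text: str) -> list[Alert]:
    """Return one Alert per suspicious process-creation record."""
    alerts = []
    for line in text.splitlines():
        parent, child, cmdline = line.split("|", 2)
        known_tool = basename(child) in RECOVERY_TOOLS
        silent_export = bool(EXPORT_SWITCH.search(cmdline))
        # Both parent and child living in user-writable drop locations: a keygen
        # or "installer" that unpacked a payload and ran it.
        dropped = bool(UNTRUSTED_DIR.search(parent) and UNTRUSTED_DIR.search(child))
        if known_tool and dropped:
            alerts.append(Alert(child, "high", "browser password recovery tool dropped by untrusted parent"))
        elif silent_export and dropped:
            alerts.append(Alert(child, "high", "silent credential export from dropped binary (tool likely renamed)"))
        elif known_tool or silent_export:
            alerts.append(Alert(child, "medium", "password recovery tool run; verify it was admin-initiated"))
    return alerts


if __name__ == "__main__":
    for a in scan_events(SAMPLE_EVENTS):
        print(a.severity, a.child, a.reason)
```

Matching on file name alone misses renamed copies; the export-switch check is what catches the `wbpv.exe` record in the sample.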

Malware hosted on file sharing sites is, unfortunately, not a new trend in the threat landscape. Previously, ZACCESS variants were found disguised as keygen apps, game installers, and movie files hosted on such sites. ZACCESS is a malware family known for its rootkit technology, which makes it difficult to remove from infected systems. It was also the malware family with the highest number of infections during the third quarter of 2012.

Chances are, cybercriminals are using the popularity of these novels and movies (not to mention the appeal of illegal downloading) to target as many users as possible. Users are therefore advised to be extra careful when downloading files from any website, file sharing sites included.

Most users have a “one size fits all” mentality when it comes to creating passwords for their online accounts. Reusing the same password across sites certainly makes passwords easier to remember, but it increases the risk of information theft: a single stolen credential unlocks every account that shares it. For better security, users should use different login credentials for each account and create passwords that are both strong and easy to remember.

Some browsers offer features that help users protect their information. In particular, Mozilla Firefox offers a master password feature that encrypts the stored credentials, preventing password recovery tools from easily reading the account information saved in the browser.

Other services can help users protect and manage their passwords. Trend Micro DirectPass manages passwords for multiple services and blocks malware with information-theft routines such as those used by PASSTEAL. Trend Micro protects users via the Smart Protection Network, which detects and deletes PASSTEAL variants if found on a user’s system.

• user unknown

  Is this Windows-only or Linux and Mac too? Android?

  • Alvin Nieto

    Currently, the recovery tools we have observed being used by the PASSTEAL malware family are limited to the Windows OS platform. However, we cannot rule out the possibility of multi-platform password recovery apps being bundled with cross-platform applications such as those coded in Java. Thus, we advise our readers to take precautionary measures when downloading from or visiting unauthorized websites.

• Dmitry

  What application is on the right side of the screenshot?

  • Black AM

    Process Explorer from Sysinternals / Microsoft

© Copyright 2013 Trend Micro Inc. All rights reserved.