Threat Database Trojans TSPY_FAREIT.ACU


By Domesticus in Trojans

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: June 28, 2013
Last Seen: November 18, 2019
OS(es) Affected: Windows

TSPY_FAREIT.ACU is a dangerous spy Trojan that has made headlines because TSPY_FAREIT.ACU uses a security certificate stolen from the developers of the popular Opera Web browser. Opera's website was hacked and the stolen security certificate was then used in a malware attack that targeted thousands of computer users. This breach came about as a consequence of a 'targeted attack on the internal network infrastructure', according to a company spokesman. Through this attack, criminals were able to get their hands on an expired Opera signing certificate which has been used in TSPY_FAREIT.ACU. This is particularly dangerous because now TSPY_FAREIT.ACU appears as if TSPY_FAREIT.ACU was published by the makers of the Opera browser, Opera Software. The real danger in this attack is that between 1AM and 1:36AM UTC the day of the attack, which was June 19th, TSPY_FAREIT.ACU may have been sent automatically to thousands of computer users.

What to Do If You Were Exposed to TSPY_FAREIT.ACU After the Opera Breach

If you use the Opera Web browser and suspect that you were exposed to TSPY_FAREIT.ACU, ESG security researchers advise taking the following steps:

  • Remove Opera from your computer, uninstalling it and deleting its files.
  • Use a reliable anti-malware program that has been completely updated to scan your computer.
  • Delete and found malware files. TSPY_FAREIT.ACU has been associated with ransomware attacks and spy Trojans, all of which are also using the stolen Opera certificate.
  • Once you have disinfected your computer, it is safe to reinstall the Opera Web browser or to switch to another of the top alternatives on the market.

Other Infections Installed by TSPY_FAREIT.ACU Using the Opera Security Breach

TSPY_FAREIT.ACU stores passwords and other private information saved in your applications, including email clients, FTP clients and Web browsers. This data is then sent to a remote server in order to steal your money or hack into your online accounts. TSPY_FAREIT.ACU also connects to a remote server in order to download and install other malware onto your computer. So far, TSPY_FAREIT.ACU installs three other malware infections:

  1. TR.Ransom.GQ.1: a dangerous Police Ransomware Trojan that blocks access to infected computer systems in order to demand a ransom from the computer user.
  2. TR/Kazy.adag: a Trojan designed to steal information from the infected computer.
  3. Bds/ZAccess.BS: a Zeus Trojan variant that allows criminals to gain access to your computer and to your private information, establishing a dangerous backdoor that gives a third party full access to the infected computer.

SpyHunter Detects & Remove TSPY_FAREIT.ACU

File System Details

TSPY_FAREIT.ACU may create the following file(s):
# File Name MD5 Detections
1. File.exe a9750200274a60c274312c30f57c24d1 1
2. file.exe 74bfab32741f15b9fcfb32aacffab584 1


Most Viewed