
TSPY_PASSTEAL.A

By JubileeX in Trojans

TSPY_PASSTEAL.A is a malware infection that can effectively bypass many known security measures. This dangerous Trojan is a data stealer: it is designed to steal passwords for websites and email accounts and appears to affect even websites that use secure connection protocols. TSPY_PASSTEAL.A is very similar to a recent image-stealing Trojan known as PIXSSTEAL. The main point of similarity between these two threats is how they send the stolen information back to their owners, typically using a remote FTP server. However, the TSPY_PASSTEAL.A Trojan uses different methods to steal passwords and other sensitive information.

The TSPY_PASSTEAL.A Trojan is designed to steal passwords for many different online accounts. TSPY_PASSTEAL.A stores this data in a text file (with the TXT extension) that uses the same name as the infected computer. For example, on a computer named HOMECOMPUTER, this file would be named 'HOMECOMPUTER.txt' and would contain passwords for the victim's online accounts. While most password stealers use keyloggers to collect this kind of information, TSPY_PASSTEAL.A takes a different approach that allows it to read data directly from your web browser. Keyloggers wait until the victim establishes a connection and then record the keystrokes typed on the infected computer's keyboard. TSPY_PASSTEAL.A instead uses password recovery applications to 'recover' passwords stored by your web browser. Once TSPY_PASSTEAL.A has obtained this information, it saves the data in an XML file that is then used to create TSPY_PASSTEAL.A's text file. TSPY_PASSTEAL.A then establishes an unauthorized connection to an FTP server in order to send this text file to a third party.

The password recovery approach that TSPY_PASSTEAL.A uses allows it to steal passwords stored in the victim's web browser directly, even if those passwords belong to websites that use secure connections involving SSL or HTTPS. This means that TSPY_PASSTEAL.A can be used to gain access to a large number of passwords for online email, online commerce, social media and online banking, as well as many other online services. Some variants of the TSPY_PASSTEAL.A Trojan can also steal information from non-browser applications such as Steam (for stealing game passwords) and JDownloader. Apart from using a reliable anti-malware program, ESG security researchers advise clearing your web browser's cache, cookies and history and changing your online passwords regularly to avoid having your information stolen by the TSPY_PASSTEAL.A Trojan.

File System Details

TSPY_PASSTEAL.A may create the following file(s):
File Name
1. %User Temp%\[RANDOM CHARACTERS].exe
2. %User Temp%\cvtres.exe
3. %User Profile%\Application Data\[COMPUTER NAME].txt
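As an added example (not part of this threat database entry), the following Python script turns the three file-system details above and the FTP exfiltration behaviour described earlier into a simple hunt over endpoint telemetry. It assumes Windows XP-era expansions of the %User Temp% and %User Profile% placeholders, and the sample events are constructed for illustration, not captured from a real infection.

```python
import re

# Assumed Windows XP-era expansions of the page's %User Profile% and %User Temp%
# placeholders (adjust the prefixes for other Windows versions).
_PROFILE = r"^C:\\Documents and Settings\\[^\\]+"
_TEMP = _PROFILE + r"\\Local Settings\\Temp"


def passteal_file_indicators(computer_name: str) -> dict:
    """Map indicator name -> regex for the three file-system details listed above.
    Ordered from most to least specific; the harvest file is named after the host."""
    return {
        "harvest_txt_named_after_host": re.compile(
            _PROFILE + r"\\Application Data\\" + re.escape(computer_name) + r"\.txt$", re.I),
        "cvtres_in_user_temp": re.compile(_TEMP + r"\\cvtres\.exe$", re.I),
        "exe_in_user_temp": re.compile(_TEMP + r"\\[^\\]+\.exe$", re.I),  # low confidence alone
    }


def classify_path(path: str, computer_name: str):
    """Return the first indicator name the path matches, or None."""
    for name, rx in passteal_file_indicators(computer_name).items():
        if rx.search(path):
            return name
    return None


def scan_events(events, computer_name: str):
    """Flag file-create events that hit an indicator, plus FTP (port 21) connections
    made by an executable running from the user's Temp directory, which mirrors the
    exfiltration step described above. Returns [(event_id, reason), ...]."""
    hits = []
    for ev in events:
        if ev["type"] == "file_create":
            name = classify_path(ev["path"], computer_name)
            if name:
                hits.append((ev["id"], name))
        elif ev["type"] == "net_connect" and ev["dst_port"] == 21:
            if classify_path(ev["image"], computer_name) in ("cvtres_in_user_temp", "exe_in_user_temp"):
                hits.append((ev["id"], "ftp_from_user_temp_exe"))
    return hits


# Constructed sample telemetry for a host named HOMECOMPUTER (not real data).
SAMPLE_EVENTS = [
    {"id": 1, "type": "file_create", "path": r"C:\Documents and Settings\alice\Local Settings\Temp\x7Gq2.exe"},
    {"id": 2, "type": "file_create", "path": r"C:\Documents and Settings\alice\Local Settings\Temp\cvtres.exe"},
    {"id": 3, "type": "file_create", "path": r"C:\Documents and Settings\alice\Application Data\HOMECOMPUTER.txt"},
    {"id": 4, "type": "file_create", "path": r"C:\Documents and Settings\alice\Application Data\notes.txt"},
    {"id": 5, "type": "net_connect", "image": r"C:\Documents and Settings\alice\Local Settings\Temp\x7Gq2.exe", "dst_port": 21},
    {"id": 6, "type": "net_connect", "image": r"C:\Program Files\Internet Explorer\iexplore.exe", "dst_port": 443},
]

if __name__ == "__main__":
    for event_id, reason in scan_events(SAMPLE_EVENTS, "HOMECOMPUTER"):
        print(f"event {event_id}: {reason}")
```

A random .exe in Temp on its own is weak evidence (installers drop them too); the host-named .txt under Application Data and an FTP connection from a Temp executable are the stronger signals to act on.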
