Trend Micro researchers recently found several versions of the PASSTEAL malware disguised as key generators for paid applications — which indicates, the researchers say, that the malware’s developers are targeting file sharers.
“Malware hosted on file sharing sites, unfortunately, is not a new trend in the threat landscape,” TrendLabs threat response engineer Alvin John Nieto wrote in a blog post. “Previously, ZACCESS variants were found disguised as keygen apps, game installers, and movie files hosted on such sites.”
“PASSTEAL, as its name suggests, is a piece of malware that uses various password recovery tools to steal passwords stored in the browsers of its victims,” writes Threatpost’s Brian Donohue.
“While older variants use the password recovery tool ‘PasswordFox,’ the new variant uses [the] ‘WebBrowserPassView’ tool to steal credentials stored in major browser apps such as Internet Explorer ver. 4.0-8.0, Mozilla Firefox 1.x-4.x, Google Chrome, and Apple Safari,” writes E Hacking News’ Sabari Selvan. “Once the malware extracts the data, it stores the stolen credentials in an .XML file and [sends] the file to a remote FTP server.”
“In order to protect themselves against such threats, users are advised to be careful what they download from file sharing or BitTorrent websites, especially since this isn’t the only malicious element that’s masqueraded as an innocent-looking application on such sites,” writes Softpedia’s Eduard Kovacs.