New PASSTEAL Discovered
Malicious programs that filch user credentials normally do so by intercepting keystrokes. The same task, however, can be done with software that retrieves passwords, and one new e-threat that uses such software to steal credentials is PASSTEAL (TSPY_PASSTEAL.A), says Trend Micro.
The company explains that PASSTEAL gathers data saved inside Web browsers, checking for accounts created with various Internet applications and services. When Trend's researchers examined the new malware threat, they reportedly found that it carried the PasswordFox application, which works only with Firefox.
Threat Response Engineer Alvin John Nieto of Trend Micro said that, in effect, the password-retrieving software enabled PASSTEAL to collect every login credential saved inside Firefox, and also those from websites that used HTTPS/SSL secured connections. Softpedia.com published this on November 7, 2012.
Nieto further said that a few of the websites using such secured connections were Pinterest, Twitter, Facebook, Yahoo, Google, Tumblr, eBay, Amazon, Microsoft and Dropbox, along with Internet-banking websites.
He added, however, that PASSTEAL did not sniff out accounts only from browser applications, as a few variants also logged data from the JDownloader and Steam applications.
When PASSTEAL finishes gathering information, it uses the command-line switch "/sxml" to store the filched login credentials in a file with the .XML extension. The malware also uses this file to create a .TXT file, after which it connects to a remote File Transfer Protocol (FTP) server and uploads the stolen data to it.
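One way to detect the sequence described above, added here as an example and not taken from Trend Micro or the original article: it flags a host where a process is launched with the `/sxml` switch and an outbound FTP connection follows shortly afterwards. The log format, host names, file names and the five-minute window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (timestamp | host | type | detail); not real telemetry.
SAMPLE_EVENTS = r"""
2012-11-07T10:00:01 | PC-01 | proc | C:\Temp\pf.exe /sxml C:\Temp\out.xml
2012-11-07T10:00:09 | PC-01 | net | dropper.exe -> 203.0.113.10:21
2012-11-07T10:05:00 | PC-02 | proc | C:\Tools\viewer.exe /SXML C:\Temp\report.xml
2012-11-07T11:30:00 | PC-02 | net | ftpclient.exe -> 198.51.100.7:21
2012-11-07T10:10:00 | PC-03 | net | backup.exe -> 198.51.100.7:21
2012-11-07T10:12:00 | PC-03 | proc | C:\Tools\conv.exe /sxmlish in.dat
"""

# "/sxml" as a whole argument, any case; "/sxmlish" must not match.
SXML_SWITCH = re.compile(r"(?<!\S)/sxml(?!\S)", re.IGNORECASE)
# Outbound connection to the FTP control port (21), e.g. "x.exe -> 1.2.3.4:21".
FTP_CONN = re.compile(r"->\s*(\S+):21\s*$")
WINDOW = timedelta(minutes=5)  # assumed correlation window, tune per environment


def parse(text):
    """Return (time, host, type, detail) tuples sorted by time; skip bad lines."""
    events = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|", 3)]
        if len(parts) == 4:
            events.append((datetime.fromisoformat(parts[0]), *parts[1:]))
    return sorted(events, key=lambda e: e[0])


def correlate(events, window=WINDOW):
    """Alert when a host makes an FTP connection soon after a /sxml export."""
    pending, alerts = {}, []  # pending: host -> (time, command line)
    for ts, host, kind, detail in events:
        if kind == "proc" and SXML_SWITCH.search(detail):
            pending[host] = (ts, detail)
        elif kind == "net" and host in pending:
            conn = FTP_CONN.search(detail)
            dump_ts, cmd = pending[host]
            if conn and ts - dump_ts <= window:
                alerts.append({"host": host, "ftp_server": conn.group(1),
                               "command": cmd,
                               "delay_s": int((ts - dump_ts).total_seconds())})
                del pending[host]
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_EVENTS)):
        print(alert)
```

PC-02 and PC-03 are the two cases the correlation deliberately ignores: an FTP connection long after the export, and FTP traffic with no export before it.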
Notably, after filching the login credentials, the criminals use them for ID theft and for accessing the users' Internet-banking accounts to carry out illicit fund transactions or transfers, causing the victims to lose their money. Alternatively, they may trade the filched data, which could contain e-mail IDs, to spammers for monetary gain.
Furthermore, Trend Micro observes that PASSTEAL has so far infected over 400 PCs. Also, its resemblance to PIXSTEAL with respect to a data-extraction system such as FTP upload possibly makes it a creation of the same online criminals.
But users can remain safe from PASSTEAL by resetting their passwords routinely or utilizing tools that manage passwords by default, Trend Micro suggests.
» SPAMfighter News - 14-11-2012