Malware of this family is used by criminals to obtain credentials by stealing the user names and passwords of the user of an infected computer.
This malware saves the collected account information in a separate folder created specially by the malware on the infected computer.
The information is then sent to the criminal by email, FTP or HTTP (in an HTTP request), or other methods.
Geographical distribution of attacks by the Trojan-PSW.Win32.Ruftar family
Geographical distribution of attacks during the period from 13 May 2015 to 13 May 2016
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide who were attacked by this malware