Класс: Trojan-PSW
Предназначены для кражи пользовательских аккаунтов (логин и пароль) с пораженных компьютеров. PSW – аббревиатура от Password Stealing Ware («ПО для кражи паролей»). При запуске PSW-троянцы ищут необходимую информацию в системных файлах, хранящих различную конфиденциальную информацию, или реестре. В случае успешного поиска программа отсылает найденные данные «хозяину». Для передачи данных могут быть использованы электронная почта, ftp, web (посредством указания данных в запросе) и другие способы. Некоторые троянцы данного типа воруют регистрационную информацию к различному программному обеспечению. Программы, занимающиеся кражей учетных записей пользователей систем интернет-банкинга, интернет-пейджинга и онлайн-игр, в силу их многочисленности, выделены в отдельные классы: Trojan Banker, Trojan IM и Trojan GameThief соответственно.Подробнее
Платформа: Win32
Win32 - платформа, управляемая операционной системой на базе Windows NT (Windows XP, Windows 7 и т.д.), позволяющей исполнять 32-битные приложения. В настоящее время данная платформа является одной из наиболее распространенных.Семейство: Trojan-PSW.Win32.Fareit
Нет описания семействаПримеры
952EF76A6EE3A8396EC5FD9D8A841BD5C3777C832226D79C8EA1468921349C2E
4597D6D45F048B24C70B6A249150B0A2
B762D7F1040930AC20835B56F7ECB1FB
B444603B4D3D840A09141E3224F26F58
Тактики и Техники: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1036.002
Masquerading: Right-to-Left Override
Adversaries may abuse the right-to-left override (RTLO or RLO) character (U+202E) to disguise a string and/or file name to make it appear benign. RTLO is a non-printing Unicode character that causes the text that follows it to be displayed in reverse. For example, a Windows screensaver executable named
Adversaries may abuse the RTLO character as a means of tricking a user into executing what they think is a benign file type. A common use of this technique is with Spearphishing Attachment/Malicious File since it can trick both end users and defenders if they are not aware of how their tools display and render the RTLO character. Use of the RTLO character has been seen in many targeted intrusion attempts and criminal activity.(Citation: Trend Micro PLEAD RTLO)(Citation: Kaspersky RTLO Cyber Crime) RTLO can be used in the Windows Registry as well, where regedit.exe displays the reversed characters but the command line tool reg.exe does not by default.
March 25 \u202Excod.scr will display as March 25 rcs.docx. A JavaScript file named photo_high_re\u202Egnp.js will be displayed as photo_high_resj.png.(Citation: Infosecinstitute RTLO Technique)Adversaries may abuse the RTLO character as a means of tricking a user into executing what they think is a benign file type. A common use of this technique is with Spearphishing Attachment/Malicious File since it can trick both end users and defenders if they are not aware of how their tools display and render the RTLO character. Use of the RTLO character has been seen in many targeted intrusion attempts and criminal activity.(Citation: Trend Micro PLEAD RTLO)(Citation: Kaspersky RTLO Cyber Crime) RTLO can be used in the Windows Registry as well, where regedit.exe displays the reversed characters but the command line tool reg.exe does not by default.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.