Threat Description

Trojan-PSW:​W32/Magania

Details

Aliases: Trojan-PSW:​W32/Magania, Trojan-PSW:​W32/Magania, Packer.Malware.NSAnti.D, Packer.Malware.NSAnti.J trojan-gamethief.win32.magania, PWS:Win32/Frethog.gen!H (Microsoft)
Category: Malware
Type: Trojan-PSW
Platform: W32

Summary



This type of trojan steals passwords and other sensitive information. It may also secretly install other malicious programs.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details



Trojan-PSW:W32/Magania is a large family of login/password stealing trojans that are reportedly made in China. The main purpose of the trojan is to steal logons and passwords from users who play on-line games, provided by Gamania.It should be noted that some on-line games allow users to sell their character's possessions for real cash, so the motivation behind the creation of such trojans is to steal virtual goods and to convert those goods into real-world cash.

Distribution

These trojans are usually distributed in file attachments to e-mail messages spammed out to victims by hackers. The file attachment is typically a single executable program. In most cases such an attachment is a self-extracting RAR archive that contains at least one more embedded archive. In one of these archives there's always a Magania trojan.

Installation

Once the infectious attachment is run, it usually displays an image as a decoy. At the same time the trojan's payload is activated. The trojan installs itself to the system by copying itself to one of the Windows subfolders or to the Windows System folder. It then drops a DLL file that represents the main spying component. The trojan registers the dropped DLL as a component of Internet Explorer, so it always has access to the Internet and can monitor URLs that are visited in the browser.

Activity

With the stolen information a hacker can logon onto a game using the stolen credentials and manipulate someone's game character. For example, the hacker can transfer valuable items that someone's character possesses to a secret location, where they can be picked up by another character, played by the hacker. Some hackers sell the stolen information to the highest bidder.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Learn More