Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Trojan-PSW:W32/Magania


Aliases:


Trojan-PSW:W32/Magania
Trojan-PSW:W32/Magania
Packer.Malware.NSAnti.D, Packer.Malware.NSAnti.J trojan-gamethief.win32.magania
PWS:Win32/Frethog.gen!H (Microsoft)

Malware
Trojan-PSW
W32

Summary

This type of trojan steals passwords and other sensitive information. It may also secretly install other malicious programs.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

Trojan-PSW:W32/Magania is a large family of login/password stealing trojans that are reportedly made in China. The main purpose of the trojan is to steal logons and passwords from users who play on-line games, provided by Gamania.It should be noted that some on-line games allow users to sell their character's possessions for real cash, so the motivation behind the creation of such trojans is to steal virtual goods and to convert those goods into real-world cash.


Distribution

These trojans are usually distributed in file attachments to e-mail messages spammed out to victims by hackers. The file attachment is typically a single executable program. In most cases such an attachment is a self-extracting RAR archive that contains at least one more embedded archive. In one of these archives there's always a Magania trojan.


Installation

Once the infectious attachment is run, it usually displays an image as a decoy. At the same time the trojan's payload is activated. The trojan installs itself to the system by copying itself to one of the Windows subfolders or to the Windows System folder. It then drops a DLL file that represents the main spying component. The trojan registers the dropped DLL as a component of Internet Explorer, so it always has access to the Internet and can monitor URLs that are visited in the browser.


Activity

With the stolen information a hacker can logon onto a game using the stolen credentials and manipulate someone's game character. For example, the hacker can transfer valuable items that someone's character possesses to a secret location, where they can be picked up by another character, played by the hacker. Some hackers sell the stolen information to the highest bidder.







Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.

Scan and clean your PC




F-Secure Online Scanner will scan and clean your PC in just a few minutes for free