Select local site

| Japanese | Simplified Chinese | Traditional Chinese (Hong Kong) | Traditional Chinese (Taiwan)

F-Secure Malware Information Pages: Trojan-PSW:W32/Magania
[Summary] | [Detailed Description]

Name : Trojan-PSW:W32/Magania
Alias:Trojan-PSW.Win32.Magania
Type:Trojan-PSW
Category:Malware
Platform:W32
Radar

Summary
Magania is a large family of logon/password stealing trojans that are reportedly made in China.

These trojans can usually be found in e-mails, that are spammed by hackers. An infected e-mail typically contains a single executable file attachment.
Back to the Top

Detailed Description
Magania is a large family of login/password stealing trojans that are reportedly made in China.

These trojans can usually be found in e-mails, that are spammed by hackers. An infected e-mail typically contains a single executable file attachment. In most cases such an attachment is a self-extracting RAR archive that contains at least one more embedded archive. In one of these archives there's always a Magania trojan sample.

Once an infected attachment is run, it usually displays an image as a decoy. At the same time the trojan's payload is activated. The trojan installs itself to the system by copying itself to one of the Windows subfolders or to the Windows System folder. It then drops a DLL file that represents the main spying component. The trojan registers the dropped DLL as a component of Internet Explorer, so it always has access to the Internet and can monitor URLs that are visited in the browser.

The main purpose of the trojan is to steal logons and passwords from users who play on-line games, provided by Gamania.

With the stolen information a hacker can logon onto a game using the stolen credentials and manipulate someone's game character. For example, the hacker can transfer valuable items that someone's character possesses to a secret location, where they can be picked up by another character, played by the hacker. Some hackers sell the stolen information to the highest bidder. It should be noted that some on-line games allow users to sell their character's possessions for real cash, so the motivation behind the creation of such trojans is to steal virtual goods and to convert those goods into real-world cash.
Back to the Top



F-Secure Corporation

Last Modified: September 05, 2007